Submit #94905: Online Graduate Tracer System add_acc.php sql injection

Title: Online Graduate Tracer System add_acc.php sql injection

Description: Online Graduate Tracer System add_acc.php sql injection
url: tracking/admin/add_acc.php

Abstract: Line 169 of add_acc.php invokes a SQL query built using unvalidated input. This call could allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands.

Explanation: SQL injection errors occur when:
1. Data enters a program from an untrusted source.
2. The data is used to dynamically construct a SQL query.
In this case the data is passed to mysqli_query() in add_acc.php at line 169.

Parameter: id (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=1111' AND (SELECT 7942 FROM (SELECT(SLEEP(5)))Lrkz) AND 'qyRG'='qyRG

Download Code: https://www.sourcecodester.com/php/15904/online-graduate-tracer-system-college-ict-alumni.html

Source: https://blog.csdn.net/weixin_43864034/article/details/129228718
User: kdyhuiji (UID 41828)
Submission: 26.02.2023 10:07 (3 years ago)
Moderation: 26.02.2023 12:54 (3 hours later)
Status: Accepted
VulDB Entry: 221798 [SourceCodester Online Graduate Tracer System 1.0 add_acc.php ID SQL Injection]
Points: 20
