提出 #161943: Students Online Internship Timesheet System v1.0 /internship_timesheet/rendered_report.php GET parameter sid exists SQL injection vulnerability情報

タイトルStudents Online Internship Timesheet System v1.0 /internship_timesheet/rendered_report.php GET parameter sid exists SQL injection vulnerability
説明Students Online Internship Timesheet System v1.0 exists SQL injection vulnerability. Vulnerability File: /internship_timesheet/rendered_report.php GET parameter sid exists SQL injection vulnerability. Payload1: sid=1 and 777=777 The Boolean-based injection judgment is correct, so the page is displayed normally. Payload2: sid=1 and 777=666 Boolean-based injection judgment error, so the page returns an exception. Payload3: sid=1 and (select 2 from (select(sleep(5)))c) The response time of the server is greater than 5 seconds.
ソース⚠️ https://github.com/MiserablefaithL/CVERequestReport/blob/main/SQL.md
ユーザー
 wwlcz (UID 47679)
送信2023年05月29日 04:31 (3 年 ago)
モデレーション2023年05月29日 08:49 (4 hours later)
ステータス承諾済み
VulDBエントリ230142 [SourceCodester Students Online Internship Timesheet System 1.0 GET Parameter rendered_report.php sid SQLインジェクション]
ポイント20

概要

Do you want to use VulDB in your project?

Use the official API to access entries easily!