| Título | SQL injection vulnerability exists in Video Sharing Website |
|---|
| Descrição | SQL injection vulnerability exists in email parameter of admin_class.php file of Video Sharing Website
Important user data or system data may be leaked and system security may be compromised
The environment is secure and the information can be used by malicious users.
When visit ajax.php and action parameter is ‘login’,it will include admin_class.php,and email parameter can do sql injection.
Payload:
email=0'XOR(if(now()=sysdate(),sleep(1),0))XOR'Z' AND (SELECT 1067 FROM (SELECT(SLEEP(5)))ygqa) AND 'Kaxl'='Kaxl |
|---|
| Fonte | ⚠️ https://github.com/E1CHO/cve_hub/blob/main/Video%20Sharing%20Website/Video%20Sharing%20Website%20vuln%202.pdf |
|---|
| Utilizador | SSL_Seven_Security Lab_WangZhiQiang_ZhangYing (UID 41874) |
|---|
| Submissão | 14/04/2023 06h10 (há 3 anos) |
|---|
| Moderação | 14/04/2023 08h22 (2 hours later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 225916 [Campcodes Video Sharing Website 1.0 admin_class.php email Injeção SQL] |
|---|
| Pontos | 20 |
|---|