Submit #94905: Online Graduate Tracer System add_acc.php sql injection

Title: Online Graduate Tracer System add_acc.php sql injection

Description: Online Graduate Tracer System add_acc.php sql injection

url: tracking/admin/add_acc.php

Abstract: Line 169 of add_acc.php invokes a SQL query built using unvalidated input. This call could allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands.

Explanation: SQL injection errors occur when:
1. Data enters a program from an untrusted source.
2. The data is used to dynamically construct a SQL query.

In this case the data is passed to mysqli_query() in add_acc.php at line 169.

Parameter: id (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=1111' AND (SELECT 7942 FROM (SELECT(SLEEP(5)))Lrkz) AND 'qyRG'='qyRG

Download Code: https://www.sourcecodester.com/php/15904/online-graduate-tracer-system-college-ict-alumni.html

Source: ⚠️ https://blog.csdn.net/weixin_43864034/article/details/129228718
User: kdyhuiji (UID 41828)
Submission: 02/26/2023 10:07 (3 years ago)
Moderation: 02/26/2023 12:54 (3 hours later)
Status: Accepted
VulDB entry: 221798 [SourceCodester Online Graduate Tracer System 1.0 add_acc.php ID sql injection]
Points: 20
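
Added example (not part of the submission and not the project's code): a log check that flags requests to add_acc.php whose id parameter carries the kind of time-based blind probe reported above. The log lines are constructed; the combined log format, the leading slash on the path and the expectation that a legitimate id is a plain integer are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate values of the "id" parameter are plain integers.
NUMERIC_ID = re.compile(r"\d+")
# Time-delay primitives used by time-based blind probes against MySQL.
DELAY_CALL = re.compile(r"\b(sleep|benchmark)\s*\(", re.IGNORECASE)
# Request line inside a combined-format access log entry (format is assumed).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
TARGET_PATH = "/tracking/admin/add_acc.php"  # path from the report

# Constructed sample log lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Feb/2023:10:00:01 +0000] '
    '"GET /tracking/admin/add_acc.php?id=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [26/Feb/2023:10:00:09 +0000] '
    '"GET /tracking/admin/add_acc.php?id=1111%27%20AND%20(SELECT%207942%20FROM'
    '%20(SELECT(SLEEP(5)))Lrkz)%20AND%20%27qyRG%27=%27qyRG HTTP/1.1" 200 5120',
    '198.51.100.7 - - [26/Feb/2023:10:00:15 +0000] '
    '"GET /tracking/admin/add_acc.php?id=12%27 HTTP/1.1" 200 310',
    '192.0.2.10 - - [26/Feb/2023:10:00:20 +0000] '
    '"GET /tracking/index.php?id=abc HTTP/1.1" 200 900',
]


def classify(log_line):
    """Return None for benign or unrelated lines, else a short finding."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.endswith(TARGET_PATH):
        return None
    # parse_qs percent-decodes values, so encoded quotes and spaces are visible.
    for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
        if DELAY_CALL.search(value):
            return "time-delay function in id"
        if not NUMERIC_ID.fullmatch(value):
            return "non-numeric id"
    return None


def scan(lines):
    """Return (line_number, finding) pairs for every flagged line."""
    hits = ((n, classify(line)) for n, line in enumerate(lines, start=1))
    return [(n, finding) for n, finding in hits if finding]


if __name__ == "__main__":
    for number, finding in scan(SAMPLE_LOG):
        print(f"line {number}: {finding}")
```

The check decodes each value once, so double-encoded input and parameters sent in a POST body are outside what it sees.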
