Submit #99613: File Tracker Manager System v1.0 /file_manager/login.php post parameter username exists SQL injection vulnerabilityinfo

TitleFile Tracker Manager System v1.0 /file_manager/login.php post parameter username exists SQL injection vulnerability
DescriptionAn issue was discovered in File Tracker Manager System v1.0. There is a SQL injection that can directly issue instructions to the background database system via /file_manager/login.php post parameter username. Payload1: username=a'&password=b Payload2:username=a' and (select 1 from (select(sleep(20)))a)-- a&password=b
Source⚠️ https://github.com/godownio/bug_report/blob/main/vendors/hemedy99/File%20Tracker%20Manager%20System/SQLi-1.md
User
 godownio (UID 42581)
Submission03/09/2023 07:02 (3 years ago)
Moderation03/09/2023 15:39 (9 hours later)
StatusAccepted
VulDB entry222648 [SourceCodester File Tracker Manager System 1.0 POST Parameter /file_manager/login.php Username sql injection]
Points19

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!