Gửi #99590: SourceCodester Online Graduate Tracer System admin_cs.php sql injectionthông tin

tiêu đềSourceCodester Online Graduate Tracer System admin_cs.php sql injection
Mô tảSourceCodester Online Graduate Tracer System admin_cs.php sql injection url:tracking/admin/admin_cs.php Abstract: Line 241 of admin_cs.php invokes a SQL query built using unvalidated input. This call could allow an attacker to modify the statement’s meaning or to execute arbitrary SQL commands. Explanation: SQL injection errors occur when: Data enters a program from an untrusted source. The data is used to dynamically construct a SQL query. In this case the data is passed to mysqli_query() in admin_cs.php at line 241. sqlmap.py -u http://127.0.0.1/shenji/tracking/admin/admin_cs.php?id=1111 --current-db Parameter: id (GET) Type: time-based blind Title: MYSQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: id:1111'AND (SELECT 5126 FROM (SELECT(SLEEP(5)))BFUF) ANDIgBK':'IgBK Download Code: https://www.sourcecodester.com/php/15904/online-graduate-tracer-system-college-ict-alumni.html
Nguồn⚠️ https://blog.csdn.net/weixin_43864034/article/details/129418770
Người dùng
 bit3hh (UID 42576)
Đệ trình09/03/2023 04:54 (cách đây 3 những năm)
Kiểm duyệt09/03/2023 15:30 (11 hours later)
Trạng tháiđược chấp nhận
Mục VulDB222647 [SourceCodester Online Graduate Tracer System 1.0 admin_cs.php mysqli_query Tiêm SQL]
điểm20

Do you want to use VulDB in your project?

Use the official API to access entries easily!