Open
Description
There are 2 time-based SQL Injection Vulnerabilities, in /load_data_for_groups.php and /load_data_for_topusers.php respectively.
ENV:
ubuntu14.04
php 5.5.9
mysql 5.5.62
SQL Injection in /load_data_for_groups.php
vulnerable code:
Line16: the $page_size is user controllable and directly used in sql statement which may cause a time-based sql injection
POC:
trigger the sql injection(my mysql version is 5.5.62):
do not trigger:
SQL Injection in /load_data_for_topusers.php
vulnerable code:
Line30: the $page_size is user controllable and directly used in sql statement which may cause a time-based sql injection
POC:
trigger the sql injection(my mysql version is 5.5.62):
do not trigger:
Metadata
Assignees
Labels
No labels





