Online Appointment – SQL Injection

• Exploit Database
• 113 阅读

• 作者： mohammad zaheri
  日期： 2019-09-09
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/47366/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40

  # Exploit Title: Online Appointment SQL Injection # Data: 07.09.2019 # Exploit Author: mohammad zaheri # Vendor HomagePage: https://github.com/girish03/Online-Appointment-Booking-System # Tested on: Windows # Google Dork: N/A     ========= Vulnerable Page: ========= Online-Appointment-Booking-System-master/signup.php     ========== Vulnerable Source: ========== Line 52: $name=$_POST['fname']; Line 53: $gender=$_POST['gender']; Line 54: $dob=$_POST['dob']; Line 55: $contact=$_POST['contact']; Line 56: $email=$_POST['email']; Line 57: $username=$_POST['username']; Line 58: $password=$_POST['pwd']; Line 59: $prepeat=$_POST['pwdr']; Line 62: if (mysqli_query($conn, $sql))   ========= POC: ========= http://site.com/Online-Appointment-Booking-System-master/signup.php?sql=[SQL]       ========= Contact Me : ========= Telegram : @m_zhrii Email : neoboy503@gmail.com