Search found 2 matches
- 10 Apr 2024, 14:36
- Forum: Bug Report version 3.5.3
- Topic: SQL Injection in Users Login Log
- Replies: 2
- Views: 178
Re: SQL Injection in Users Login Log
I can't quite grasp your point. This is not related to PHP, JS, or HTML in any way? If this functionality were specifically designed to run database queries (which doesn't seem to be the case here), then maybe it would make sense to say it's a feature... and, in any case, a sandbox would be advised ...
- 09 Apr 2024, 22:29
- Forum: Bug Report version 3.5.3
- Topic: SQL Injection in Users Login Log
- Replies: 2
- Views: 178
SQL Injection in Users Login Log
Hello, I've identified an SQL Injection vulnerability in the Users Login Log functionality. Below is shown a normal request sent to the functionality. [attachment: sqli.png] And here is a request with a time-based payload, where one can note that the request takes a while to process due to sleep(). [attachment: sqli1.png] This...