| Titel | SQL injection vulnerability exists in Master.php in php-sqlite-gpa-calculator |
|---|
| Beschreibung | In the php-sqlite-gpa-calculator project released yesterday, users can construct malicious statements in Master.php to perform sql injection, because the a parameter and perc parameter in the code are controllable
It can be seen that the value of perc depends entirely on how we pass parameters. If we pass parameters as perc=1'='1' union select 1,2,3,sqlite_version(),1+2;, then we can control this sql Inject, and get the version of the database
project url:https://www.sourcecodester.com/php/16373/grade-point-average-gpa-calculator-php-and-sqlite3-source-code-free-download.html |
|---|
| Quelle | ⚠️ https://github.com/Pe4cefulSnow/SQL-Injection/blob/main/README.md |
|---|
| Benutzer | Pe4cefulSnow (UID 34389) |
|---|
| Einreichung | 31.03.2023 07:22 (vor 3 Jahren) |
|---|
| Moderieren | 31.03.2023 12:30 (5 hours later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 224671 [SourceCodester Grade Point Average GPA Calculator 1.0 Master.php get_scale perc SQL Injection] |
|---|
| Punkte | 20 |
|---|