| Titre | sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0 Time-Based Blind SQL Injection |
|---|
| Description | The login endpoints for admin, student, and teacher users all construct the authentication query by directly embedding the user‑supplied `email` parameter into a SQL string, enclosed only by single quotes:
```php
$query = "select * from admin where email = '$_POST[email]'";
```
No sanitisation, escaping, or parameterisation is applied. Although the direct result of the query is not reflected on the page (preventing simple bypass via the login form – see false‑positive note), the SQL statement is still executed by the database server. This makes the applications fully vulnerable to time‑based blind SQL injection. An attacker can craft payloads that cause the database to delay its response (e.g., using SLEEP()) and, based on the response time, infer sensitive data from the database. |
|---|
| La source | ⚠️ https://github.com/sambitraj/STUDENT-MANAGEMENT-SYSTEM/issues/2 |
|---|
| Utilisateur | fortuneh2c (UID 97063) |
|---|
| Soumission | 03/05/2026 22:34 (il y a 1 mois) |
|---|
| Modérer | 29/05/2026 19:06 (26 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 367289 [sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0 Login Page email injection SQL] |
|---|
| Points | 20 |
|---|