| शीर्षक | 公寓访客管理系统2.0存在sql注入漏洞 SQL injection vulnerability in apartment visitor management system 2.0 |
|---|
| विवरण | SQL injection vulnerability in apartment visitor management system 2.0
Vulnerability file location: / index.php
look at this source code
```
if(isset($_POST['login']))
{
$adminuser=$_ POST['username'];
$password=md5($_POST['password']);
$query=mysqli_ query($con,"SELECT ID from tbladmin where UserName='$adminuser' && Password='$password' ");
```
The username entered by the user is not checked. The input content is controlled by the user. The user directly logs in to the admin account with the universal password.
statement is as follows
```
username=admin' or 1=1 --+
```
https://s1.ax1x.com/2022/08/13/vtVTWd.png
Source link
https://www.sourcecodester.com/php-apartment-visitor-management-system-source-code |
|---|
| स्रोत | ⚠️ https://www.sourcecodester.com/php-apartment-visitor-management-system-source-code/ |
|---|
| उपयोगकर्ता | qidian (UID 30810) |
|---|
| सबमिशन | 13/08/2022 06:04 AM (4 साल पहले) |
|---|
| संयम | 13/08/2022 07:39 AM (2 hours later) |
|---|
| स्थिति | प्रतिलिपि |
|---|
| VulDB प्रविष्टि | 205665 [SourceCodester Apartment Visitor Management System 1.0 index.php उपयोगकर्ता नाम SQL इंजेक्शन] |
|---|
| अंक | 0 |
|---|