| शीर्षक | raisulislamg4 student_management_system_by_php 1.0 SQL Injection |
|---|
| विवरण | The login script constructs an SQL query by directly concatenating the user‑supplied `username` and the MD5 hash of the `password` into the query string:
```php
$name = $_POST['username'];
$pass = md5($_POST['password']);
$sql = "SELECT * FROM USERS WHERE USERNAME='".$name."' AND PASSWORD='".$pass."' ";
$result = mysqli_query($data, $sql);
```
No parameterisation, escaping, or input validation is applied. An attacker can inject arbitrary SQL logic into the username field to bypass the password check entirely. Upon successful injection, the server sets a valid session and redirects to the admin dashboard, giving the attacker full administrative privileges. |
|---|
| स्रोत | ⚠️ https://github.com/raisulislamg4/student_management_system_by_php/issues/2 |
|---|
| उपयोगकर्ता | dede1 (UID 97915) |
|---|
| सबमिशन | 08/05/2026 06:17 AM (29 दिन पहले) |
|---|
| संयम | 31/05/2026 09:59 AM (23 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 367504 [raisulislamg4 student_management_system_by_php तक 310d950e09013d5133c6b9210aff9444382d16d1 Login login_check.php उपयोगकर्ता नाम SQL इंजेक्शन] |
|---|
| अंक | 20 |
|---|