| Title | SQL injection vulnerability exists in Master.php in php-sqlite-gpa-calculator |
|---|
| Description | In the php-sqlite-gpa-calculator project released yesterday, users can construct malicious statements in Master.php to perform SQL injection, because the a parameter and perc parameter in the code are controllable.
It can be seen that the value of perc depends entirely on how we pass parameters. If we pass parameters as perc=1'='1' union select 1,2,3,sqlite_version(),1+2;, then we can control this SQL injection and get the version of the database.
Project URL: https://www.sourcecodester.com/php/16373/grade-point-average-gpa-calculator-php-and-sqlite3-source-code-free-download.html |
|---|
| Source | https://github.com/Pe4cefulSnow/SQL-Injection/blob/main/README.md |
|---|
| User | Pe4cefulSnow (UID 34389) |
|---|
| Submitted | 2023-03-31 07:22 (3 years ago) |
|---|
| Moderation | 2023-03-31 12:30 (5 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 224671 [SourceCodester Grade Point Average GPA Calculator 1.0 Master.php get_scale perc SQL injection] |
|---|
| Points | 20 |
|---|
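A hardened form of the `perc` lookup, as an added example that is not code from the project or from the submitter's report: the value is validated as a percentage and then passed as a bound parameter, so it never becomes part of the SQL text. The page does not show the real query or schema, so the function name `get_scale_safe`, the table `scale_tbl` and its five columns are assumptions, and the rows are constructed sample data.

```php
<?php
// Added example. get_scale_safe, scale_tbl and its columns are hypothetical;
// the page does not show the project's real query or schema.
function get_scale_safe(SQLite3 $db, $perc): ?array
{
    // perc is a percentage: reject anything that is not a plain number in 0..100.
    if (!is_scalar($perc) || !is_numeric($perc) || $perc < 0 || $perc > 100) {
        return null;
    }

    // Bound parameter: SQLite receives the value separately from the statement,
    // so quotes or keywords inside it cannot change the query structure.
    $stmt = $db->prepare(
        'SELECT id, grade, min_perc, max_perc, points
           FROM scale_tbl
          WHERE :perc BETWEEN min_perc AND max_perc
          LIMIT 1'
    );
    $stmt->bindValue(':perc', (float) $perc, SQLITE3_FLOAT);

    $row = $stmt->execute()->fetchArray(SQLITE3_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory database.
$db = new SQLite3(':memory:');
$db->enableExceptions(true);
$db->exec(
    'CREATE TABLE scale_tbl (
        id INTEGER PRIMARY KEY, grade TEXT,
        min_perc REAL, max_perc REAL, points REAL)'
);
$db->exec(
    "INSERT INTO scale_tbl (grade, min_perc, max_perc, points)
     VALUES ('A', 90, 100, 4.0), ('B', 80, 89.99, 3.0)"
);

// An ordinary percentage is looked up through the prepared statement.
var_dump(get_scale_safe($db, '92.5'));

// The string quoted in the report fails validation and never reaches SQLite.
var_dump(get_scale_safe($db, "1'='1' union select 1,2,3,sqlite_version(),1+2;"));
```

The validation and the bound parameter are independent controls: either one alone keeps the `perc` value from changing the query, and using both also stops malformed input before it reaches the database layer.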