| Title | Online Computer and Laptop Store v1.0 SQL injection in sales report query |
|---|---|
| Description | This project is entitled Online Computer and Laptop Store. This web application was developed to provide an online platform for a certain computer store or business possible customers for exploring and ordering the products. Version number: v1.0. Source code online address: https://www.sourcecodester.com/php/16397/online-computer-and-laptop-store-using-php-and-mysql-source-code-free-download.html In the backend management page, there is a sales report query function, in which orders can be filtered based on time. There is SQL injection here because filtering and verification were not performed when receiving the time parameters; they are executed directly in SQL statements. |
| Source | ⚠️ https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/SQL%20injection%20in%20sales%20report%20query.pdf |
| User | haicheng.zhang (UID 38987) |
| Submitted | 2023-04-08 05:08 (3 years ago) |
| Moderation | 2023-04-08 08:30 (3 hours later) |
| Status | Accepted |
| VulDB Entry | 225340 [SourceCodester Online Computer and Laptop Store 1.0 /admin/sales/index.php date_start/date_end SQL injection] |
| Points | 20 |