| 제목 | SQL injection vulnerability exists in Master.php in php-sqlite-gpa-calculator |
|---|
| 설명 | In the php-sqlite-gpa-calculator project released yesterday, users can construct malicious statements in Master.php to perform sql injection, because the a parameter and perc parameter in the code are controllable
It can be seen that the value of perc depends entirely on how we pass parameters. If we pass parameters as perc=1'='1' union select 1,2,3,sqlite_version(),1+2;, then we can control this sql Inject, and get the version of the database
project url:https://www.sourcecodester.com/php/16373/grade-point-average-gpa-calculator-php-and-sqlite3-source-code-free-download.html |
|---|
| 원천 | ⚠️ https://github.com/Pe4cefulSnow/SQL-Injection/blob/main/README.md |
|---|
| 사용자 | Pe4cefulSnow (UID 34389) |
|---|
| 제출 | 2023. 03. 31. AM 07:22 (3 연령 ago) |
|---|
| 모더레이션 | 2023. 03. 31. PM 12:30 (5 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 224671 [SourceCodester Grade Point Average GPA Calculator 1.0 Master.php get_scale perc SQL 주입] |
|---|
| 포인트들 | 20 |
|---|