| Field | Value |
|---|---|
| Title | SQL injection vulnerability exists in manage_user.php of Simple Task Allocation System |
| Description | The manage_user.php of the Simple Task Allocation System has a SQL injection vulnerability. The id parameter input by the user is not filtered when the code is written, so that the user can carefully construct the URL for SQL injection.<br>We can splice statement closure at `http://127.0.0.1/php-sqlite-task-allocation-system/?page=manage_user&id=2`<br>`http://127.0.0.1/php-sqlite-task-allocation-system/?page=manage_user&id=2'union select 1,sqlite_version(),3,4,5;`<br>The data can be obtained. Here we take obtaining the database version as an example and other high-risk injection vulnerabilities.<br>Source URL: https://www.sourcecodester.com/php/16358/simple-task-allocation-system-using-php-and-sqlite-source-code-free-download.html |
| Source | https://github.com/Pe4cefulSnow/SQL-Injection/blob/main/SQLcve.md |
| User | Pe4cefulSnow (UID 34389) |
| Submission | 2023-03-31 11:42 AM (3 years ago) |
| Moderation | 2023-04-02 08:44 AM (2 days later) |
| Status | Accepted |
| VulDB entry | 224743 [SourceCodester Simple Task Allocation System 1.0 manage_user.php id SQL injection] |
| Points | 20 |