| Title | Abdullah-Hasan-Sajjad/Online-School web 10/13 SQL Injection |
|---|---|
| Description | This project has SQL injection vulnerabilities. After downloading the project to the local machine and deploying it successfully, it was found that almost all files handling database operations have the following issue: The code extensively uses string concatenation to construct SQL queries, without implementing parameterized queries or input validation. When accessing the student login interface, an attacker can log in directly using a "universal password". Therefore, this project is vulnerable to SQL injection. |
| Source | ⚠️ https://github.com/DaoYunXinShang/Reports/blob/main/sql%20injection.doc |
| User | daoyunxinshang (UID 91589) |
| Submission | 2025-10-13 02:03 PM (6 months ago) |
| Moderation | 2025-10-26 05:10 PM (13 days later) |
| Status | Accepted |
| VulDB entry | 329948 [Abdullah-Hasan-Sajjad Online-School up to f09dda77b4c29aa083ff57f4b1eb991b98b68883 /studentLogin.php Email SQL injection] |
| Points | 20 |