| 제목 | sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0 Time-Based Blind SQL Injection |
|---|
| 설명 | The login endpoints for admin, student, and teacher users all construct the authentication query by directly embedding the user‑supplied `email` parameter into a SQL string, enclosed only by single quotes:
```php
$query = "select * from admin where email = '$_POST[email]'";
```
No sanitisation, escaping, or parameterisation is applied. Although the direct result of the query is not reflected on the page (preventing simple bypass via the login form – see false‑positive note), the SQL statement is still executed by the database server. This makes the applications fully vulnerable to time‑based blind SQL injection. An attacker can craft payloads that cause the database to delay its response (e.g., using SLEEP()) and, based on the response time, infer sensitive data from the database. |
|---|
| 원천 | ⚠️ https://github.com/sambitraj/STUDENT-MANAGEMENT-SYSTEM/issues/2 |
|---|
| 사용자 | fortuneh2c (UID 97063) |
|---|
| 제출 | 2026. 05. 03. PM 10:34 (1 월 ago) |
|---|
| 모더레이션 | 2026. 05. 29. PM 07:06 (26 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 367289 [sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0 Login Page email SQL 주입] |
|---|
| 포인트들 | 20 |
|---|