| 제목 | imvks786 student_management_system 1.0 SQL Injection |
|---|
| 설명 | The administrator login endpoint constructs an SQL query by directly embedding the user‑supplied `a_usr` (username) and `a_pwd` (password) without any sanitisation or parameterisation:
```php
$a_usr = $_POST['a_usr'];
$a_pwd = $_POST['a_pwd'];
$ret = mysqli_query($con, "SELECT * FROM admin WHERE userid='$a_usr' AND password='$a_pwd' ");
```
Because no input validation or query parameterisation is applied, an attacker can inject a boolean‑based payload into the username field. The payload admin' OR '1'='1 transforms the query into one that always returns at least one row, completely bypassing the password check. The server then sets a session and redirects to the admin dashboard, granting full administrative access. |
|---|
| 원천 | ⚠️ https://github.com/imvks786/student_management_system/issues/2 |
|---|
| 사용자 | Yeliuyun (UID 94203) |
|---|
| 제출 | 2026. 05. 25. AM 06:00 (16 날 ago) |
|---|
| 모더레이션 | 2026. 06. 07. PM 09:53 (14 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 369148 [imvks786 student_management_system 까지 9599b560ad3c3b83e75d328b76bedcd489ef1f46 Administrator Login Endpoint admin/admin_login.php a_usr/a_pwd SQL 주입] |
|---|
| 포인트들 | 20 |
|---|