제출 #85436: Medical Certificate Generator App 存在sql注入정보

제목Medical Certificate Generator App 存在sql注入
설명在文件里面的manage_record.php中的参数id没有任何过滤,可以造成sql注入。此文件的打开的有一个以get方式接受的变量id,然后直接拼接到$qry = $conn->query("SELECT * FROM `med_cert_info` where id = '{$_GET['id']}'");,所以id这个参数是我们可以控制的,我们只需要在参数那里进行闭合之后再进行注入即可
원천⚠️ https://www.sourcecodester.com/php/16105/medical-certificate-generator-app-using-php-and-mysql-free-download.html
사용자
 p1nk (UID 40417)
제출2023. 02. 07. AM 10:00 (3 연령 ago)
모더레이션2023. 02. 07. AM 10:35 (35 minutes later)
상태수락
VulDB 항목220340 [SourceCodester Medical Certificate Generator App 1.0 manage_record.php 아이디 SQL 주입]
포인트들20

이전개요다음

Do you need the next level of professionalism?

Upgrade your account now!