Submeter #43539: SQL injection vulnerability in student information systeminformação

TítuloSQL injection vulnerability in student information system
DescriçãoSQL injection vulnerability exists in student information system. When viewing the student information, the query content input by the user is not checked. The input content is controllable by the user. The user can construct a malicious payload to attack the website. Vulnerability file location: / admin / students / view_ student.php look at this source code ``` if(isset($_GET['id'])){ $qry = $conn->query("SELECT *, CONCAT(lastname,', ', firstname,' ', middlename) as fullname FROM `student_list` where id = '{$_GET['id']}'"); ``` The $ID is not protected here. Malicious data can be constructed here to attack the website database. The construction statement is as follows ``` ? page=students/view_ student&id=0' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 --+ ``` https://s1.ax1x.com/2022/08/11/vGcdBt.png Source link https://www.sourcecodester.com/php/15147/simple-student-information-system-phpoop-free-source-code.html
Fonte⚠️ https://www.sourcecodester.com/php/15147/simple-student-information-system-phpoop-free-source-code.html
Utilizador
 qidian (UID 30810)
Submissão12/08/2022 00h48 (há 4 anos)
Moderação12/08/2022 11h13 (10 hours later)
EstadoAceite
Entrada VulDB206245 [SourceCodester Student Information System view_student.php ID Injeção SQL]
Pontos20

Do you need the next level of professionalism?

Upgrade your account now!