| Title | SQL injection vulnerability exists in manage_user.php of Simple Task Allocation System |
|---|
| Description | The manage_user.php of the Simple Task Allocation System has a sql injection vulnerability. The id parameter input by the user is not filtered when the code is written, so that the user can carefully construct the url for sql injection
We can splice statement closure at http://127.0.0.1/php-sqlite-task-allocation-system/?page=manage_user&id=2
http://127.0.0.1/php-sqlite-task-allocation-system/?page=manage_user&id=2'union select 1,sqlite_version(),3,4,5;
The data can be obtained. Here we take obtaining the database version as an example and other high-risk injection vulnerabilities.
source url:https://www.sourcecodester.com/php/16358/simple-task-allocation-system-using-php-and-sqlite-source-code-free-download.html |
|---|
| Source | ⚠️ https://github.com/Pe4cefulSnow/SQL-Injection/blob/main/SQLcve.md |
|---|
| User | Pe4cefulSnow (UID 34389) |
|---|
| Submission | 03/31/2023 11:42 (3 years ago) |
|---|
| Moderation | 04/02/2023 08:44 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 224743 [SourceCodester Simple Task Allocation System 1.0 manage_user.php ID sql injection] |
|---|
| Points | 20 |
|---|