| Title | SourceCodester electric-billing-management-system Action.php 1.0 SQL Injection |
|---|
| Description | SQL Injection in Sourcecodester The Electric Billing Management System 1.0 by oretnom23 The reason for the SQL injection vulnerability is that the website application did not verify the validity of the data submitted by the user to the server (such as type, length, business parameter validity, etc.), nor did it effectively filter the data input by the user with special characters, thus directly inputting the user's input into the database for execution. This exceeded the expected result of the original design of the SQL statement. The system did not filter the username parameter content correctly in the Actionphp file, resulting in SQL injection using a universal password to bypass login restrictions |
|---|
| Source | ⚠️ https://github.com/enjoyworld/webray.com.cn/blob/main/cves/Electric%20Billing%20Management%20System/Electric%20Billing%20Managemen%20SQL-inject%20System%20Action.php%20SQL-inject.md |
|---|
| User | xmg404 (UID 74197) |
|---|
| Submission | 08/29/2024 04:02 (2 years ago) |
|---|
| Moderation | 08/30/2024 09:39 (1 day later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 276219 [SourceCodester Electric Billing Management System 1.0 /Actions.php?a=login Username sql injection] |
|---|
| Points | 20 |
|---|