Submit #85436: Medical Certificate Generator App 存在sql注入info

TitleMedical Certificate Generator App 存在sql注入
Description在文件里面的manage_record.php中的参数id没有任何过滤,可以造成sql注入。此文件的打开的有一个以get方式接受的变量id,然后直接拼接到$qry = $conn->query("SELECT * FROM `med_cert_info` where id = '{$_GET['id']}'");,所以id这个参数是我们可以控制的,我们只需要在参数那里进行闭合之后再进行注入即可
Source⚠️ https://www.sourcecodester.com/php/16105/medical-certificate-generator-app-using-php-and-mysql-free-download.html
User
 p1nk (UID 40417)
Submission02/07/2023 10:00 (3 years ago)
Moderation02/07/2023 10:35 (35 minutes later)
StatusAccepted
VulDB entry220340 [SourceCodester Medical Certificate Generator App 1.0 manage_record.php ID sql injection]
Points20

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!