| tiêu đề | SQL injection vulnerability exists in Master.php in php-sqlite-gpa-calculator |
|---|
| Mô tả | In the php-sqlite-gpa-calculator project released yesterday, users can construct malicious statements in Master.php to perform sql injection, because the a parameter and perc parameter in the code are controllable
It can be seen that the value of perc depends entirely on how we pass parameters. If we pass parameters as perc=1'='1' union select 1,2,3,sqlite_version(),1+2;, then we can control this sql Inject, and get the version of the database
project url:https://www.sourcecodester.com/php/16373/grade-point-average-gpa-calculator-php-and-sqlite3-source-code-free-download.html |
|---|
| Nguồn | ⚠️ https://github.com/Pe4cefulSnow/SQL-Injection/blob/main/README.md |
|---|
| Người dùng | Pe4cefulSnow (UID 34389) |
|---|
| Đệ trình | 31/03/2023 07:22 (cách đây 3 những năm) |
|---|
| Kiểm duyệt | 31/03/2023 12:30 (5 hours later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 224671 [SourceCodester Grade Point Average GPA Calculator 1.0 Master.php get_scale perc Tiêm SQL] |
|---|
| điểm | 20 |
|---|