| Title | code-projects Simple Attendance Record System 2.0 SQL Injection |
|---|---|
| Description | In the check.php file of the Question Paper Generator, the student parameter is obtained directly from user input via `$_POST['student']` without any sanitization or type-checking, and this value is then concatenated directly into the SQL query string using simple string interpolation (e.g., `"SELECT * FROM results WHERE student = '$student'"`) instead of a parameterized prepared statement. As a result, an attacker can inject arbitrary SQL syntax such as a single quote followed by `UNION SELECT`, `OR 1=1`, `LOAD_FILE()`, `INTO OUTFILE`, or even multi-query payloads like `'; DROP TABLE results; -- `, which alters the logic of the query, leaks sensitive data (password hashes, private exams, full marks), writes malicious PHP webshells to the web directory via `INTO OUTFILE '/var/www/html/shell.php'`, and ultimately escalates to full OS-level control by leveraging the database process (e.g., MySQL running as root) to execute system commands through UDF plugins or `sys_exec`, thereby achieving server compromise. |
| Source | https://github.com/asd1238525/cve/blob/main/SQL20.md |
| User | yuancoffee (UID 92877) |
| Submitted | 07/12/2025 10:49 (5 months ago) |
| Moderated | 13/12/2025 09:52 (6 days later) |
| Status | accepted |
| VulDB entry | 336376 [code-projects Simple Attendance Record System 2.0 /check.php student SQL Injection] |
| Points | 20 |