| 标题 | SQL injection vulnerability exists in Master.php in php-sqlite-gpa-calculator |
|---|
| 描述 | In the php-sqlite-gpa-calculator project released yesterday, users can construct malicious statements in Master.php to perform sql injection, because the a parameter and perc parameter in the code are controllable
It can be seen that the value of perc depends entirely on how we pass parameters. If we pass parameters as perc=1'='1' union select 1,2,3,sqlite_version(),1+2;, then we can control this sql Inject, and get the version of the database
project url:https://www.sourcecodester.com/php/16373/grade-point-average-gpa-calculator-php-and-sqlite3-source-code-free-download.html |
|---|
| 来源 | ⚠️ https://github.com/Pe4cefulSnow/SQL-Injection/blob/main/README.md |
|---|
| 用户 | Pe4cefulSnow (UID 34389) |
|---|
| 提交 | 2023-03-31 07時22分 (3 年前) |
|---|
| 管理 | 2023-03-31 12時30分 (5 hours later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 224671 [SourceCodester Grade Point Average GPA Calculator 1.0 Master.php get_scale perc SQL注入] |
|---|
| 积分 | 20 |
|---|