| Title | code-projects Online Voting System in PHP 1.0 SQL Injection |
|---|---|
| Description | A SQL Injection vulnerability exists in the vote submission functionality of Online Voting System in PHP version 1.0.<br>The endpoint `saveVote.php` is publicly accessible without authentication and processes voter data through a `test_input()` function that applies `htmlspecialchars()` without the `ENT_QUOTES` flag, leaving single quotes unescaped. All four POST parameters are concatenated directly into an INSERT query:<br>`$name = test_input($_POST["voterName"]);`<br>`$email = test_input($_POST["voterEmail"]);`<br>`$voterID = test_input($_POST["voterID"]);`<br>`$selection = test_input($_POST["selectedCandidate"]);`<br>`$sql = "INSERT INTO db_evoting.tbl_users VALUES(null,'".$name."','".$email."','".$voterID."','".$selection."');";`<br>An unauthenticated attacker can manipulate the SQL logic to insert arbitrary records into the voter table, inject malicious data, or cause database errors by breaking the query structure. |
| Source | https://gist.github.com/c4ttr4ck/a29b2238099fa07b4f072c21123b55ef |
| User | c4ttr4ck (UID 75518) |
| Submitted | 2026-06-02 20:18 (1 month ago) |
| Moderated | 2026-07-03 20:31 (1 month later) |
| Status | Accepted |
| VulDB Entry | 376162 [code-projects Online Voting System 1.0 /saveVote.php test_input voterName/voterEmail/voterID/selectedCandidate SQL Injection] |
| Points | 20 |
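The following is an added example, not code from the project or from the submission above. It places the concatenation pattern the description quotes beside a parameterized replacement so the root cause is visible: `test_input()` encodes for HTML output, not for SQL, so the quoting structure of the statement is decided by user input. The body of `test_input()` is an assumed reconstruction based on the description (the project's exact helper is not on this page), and `buildVulnerableQuery()`, `saveVoteSafely()`, the PDO connection details and the sample request values are all assumptions introduced for illustration.

```php
<?php
// Added example (not the project's code). The test_input() body, the
// function names, the DSN/credentials and the sample request are assumptions.

// Assumed reconstruction of the sanitizer described in the advisory. With the
// pre-PHP-8.1 default flags (ENT_COMPAT | ENT_HTML401) a single quote is left
// unchanged, which is the behaviour the description relies on.
function test_input(string $data): string
{
    $data = trim($data);
    $data = stripslashes($data);
    return htmlspecialchars($data, ENT_COMPAT | ENT_HTML401);
}

// Vulnerable shape, kept as the advisory describes it: the "sanitized" values
// are spliced into the SQL text, so the statement's quote structure depends on
// the request. This function only builds the string; it does not execute it.
function buildVulnerableQuery(array $post): string
{
    $name      = test_input($post["voterName"]);
    $email     = test_input($post["voterEmail"]);
    $voterID   = test_input($post["voterID"]);
    $selection = test_input($post["selectedCandidate"]);
    return "INSERT INTO db_evoting.tbl_users VALUES(null,'" . $name . "','" . $email
         . "','" . $voterID . "','" . $selection . "');";
}

// Hardened replacement: the SQL text is a constant with placeholders and the
// values are sent separately from the statement, so a quote in a field is
// just data. Positional placeholders match the original VALUES(null, ...)
// layout so no column names need to be assumed. Authentication for the
// endpoint is a separate fix and is not shown here.
function saveVoteSafely(PDO $db, array $post): bool
{
    foreach (["voterName", "voterEmail", "voterID", "selectedCandidate"] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            throw new InvalidArgumentException("missing or invalid field: $field");
        }
    }
    $stmt = $db->prepare(
        "INSERT INTO db_evoting.tbl_users VALUES (NULL, ?, ?, ?, ?)"
    );
    return $stmt->execute([
        trim($post["voterName"]),
        trim($post["voterEmail"]),
        trim($post["voterID"]),
        trim($post["selectedCandidate"]),
    ]);
}

// Constructed sample request: an ordinary name containing an apostrophe.
$post = [
    "voterName"         => "O'Brien",
    "voterEmail"        => "obrien@example.com",
    "voterID"           => "V-0001",
    "selectedCandidate" => "1",
];

// The apostrophe survives test_input() and ends up inside the SQL literal,
// which is exactly why the concatenated form cannot be made safe by HTML
// encoding alone.
echo buildVulnerableQuery($post), PHP_EOL;

// Assumed DSN and credentials; replace with the deployment's own values.
// Native prepares are enabled so the server, not the client library, does
// the parameter binding.
// $db = new PDO("mysql:host=localhost;dbname=db_evoting;charset=utf8mb4", "user", "pass", [
//     PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
//     PDO::ATTR_EMULATE_PREPARES => false,
// ]);
// saveVoteSafely($db, $post);
```

Two practical notes. First, PHP 8.1 changed the default flags of `htmlspecialchars()` to include `ENT_QUOTES`, so on newer runtimes the single quote is encoded as `&#039;` by default; that narrows the specific condition in the description but does not make string concatenation into SQL safe, since an HTML encoder is not a SQL escaper and stores mangled data besides. Second, when reviewing similar PHP code, the thing to look for is any `$sql = "... '" . $var . "' ..."` construction reaching `mysqli_query()` or `PDO::query()`; replacing it with `prepare()`/`execute()` as above removes the class of bug rather than one payload.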