
Gym Management System Project Login page has SQL injection

College Attendance System (CAS), released by SourceCodester, has SQL injection in the admin login page and the add coach page.

An attacker can obtain database information and modify the database content through this vulnerability, which is extremely harmful.

SQL injection is present in the following paths.

The following paths have POST-type injection:

/mygym/admin/login.php

The following paths have GET-type injection:

/mygym/admin/index.php?edit_tran

SQL POST-type injection

The admin login page is as follows

[Screenshots: admin login page]

There are 2 fields with injection points

admin_email
admin_pass


SQL GET-type injection

The /mygym/admin/index.php?edit_tran page is as follows

[Screenshots: /mygym/admin/index.php?edit_tran page]
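A remediation sketch for the three inputs named above (admin_email, admin_pass and edit_tran), as an added example that is not SourceCodester's code. The table and column names, both helper functions, the hashed password storage and the in-memory SQLite database standing in for the application's own database are all assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not the project's code. Schema and helper names are hypothetical.

// Constructed in-memory database standing in for the application's real schema.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (id INTEGER PRIMARY KEY, admin_email TEXT UNIQUE, admin_pass TEXT)');
$db->exec('CREATE TABLE transactions (id INTEGER PRIMARY KEY, member TEXT, amount INTEGER)');
$ins = $db->prepare('INSERT INTO admin (admin_email, admin_pass) VALUES (?, ?)');
$ins->execute(['admin@example.test', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);
$db->exec("INSERT INTO transactions (member, amount) VALUES ('sample member', 500)");

// POST fields admin_email / admin_pass: bound as data, never concatenated into SQL.
function check_admin_login(PDO $db, string $email, string $pass): ?int
{
    $stmt = $db->prepare('SELECT id, admin_pass FROM admin WHERE admin_email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The password is checked in PHP against a stored hash, so it never reaches the query.
    if ($row === false || !password_verify($pass, $row['admin_pass'])) {
        return null;
    }
    return (int) $row['id'];
}

// GET parameter edit_tran: accept only a positive integer, then bind it.
function load_transaction(PDO $db, $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject anything that is not a plain integer id
    }
    $stmt = $db->prepare('SELECT id, member, amount FROM transactions WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// With bound parameters, a quote character is only part of a string that matches no row.
var_dump(check_admin_login($db, 'admin@example.test', 'constructed-sample-pw'));
var_dump(check_admin_login($db, "admin@example.test'", 'anything'));
var_dump(load_transaction($db, '1') !== null);
var_dump(load_transaction($db, '1 trailing text'));
```

Running it with the PHP CLI (pdo_sqlite enabled) prints the admin id for the valid login, NULL for the e-mail containing a quote, true for the integer id and NULL for the non-integer id.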

LINK

https://www.sourcecodester.com/php/15515/gym-management-system-project-php.html