In controller/fetchpwd.php

The parameter was added to the string "username=" and passed to the function find.
In the definition of the function find, we can notice that although the author uses PDO, he didn't use the prepared statement technique to avoid the SQL injection vulnerability. What a pity!

After analyzing this code, we can simply use sqlmap to exploit the vulnerability and have fun!

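The pattern the report describes, next to its prepared-statement form, as an added example that is not the project's own code. The function names, the table layout, the quoting around the value and the SQLite in-memory database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory table standing in for the application's user table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (username, email) VALUES
            ('alice', 'alice@example.test'), ('bob', 'bob@example.test')");

// Hypothetical reconstruction of the reported pattern: the caller builds the
// condition as a string and the function splices it into the SQL text, so
// using PDO gives no protection here.
function find_concat(PDO $pdo, string $condition): array
{
    $stmt = $pdo->query("SELECT id, username FROM users WHERE $condition");
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form (hypothetical name): the SQL text is fixed and the value is
// bound as a parameter, so it can never be parsed as SQL syntax.
function find_prepared(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed request value that contains SQL syntax.
$input = "nobody' OR '1'='1";

// Same value through both paths: concatenated condition vs bound parameter.
$unsafe = find_concat($pdo, "username='" . $input . "'");
$safe   = find_prepared($pdo, $input);

printf("concatenated: %d row(s)\n", count($unsafe));
printf("prepared:     %d row(s)\n", count($safe));
```

With the constructed input, the concatenated condition matches every row in the table, while the prepared query compares the whole value against `username` and matches none.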