Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
product_ Admin.php There is SQL injection in line 23
$link=mysql_connect($host,$user,$pass); mysql_select_db($db_name,$link); //Если переменная Name передана if (isset($_POST["Name"])) { //Тут идет запрос $sql = mysql_query("INSERT INTO `info` (`Name`, `Fname`, `ID`) VALUES ('".$_POST['Name']."','".$_POST['Fname']."','".$_POST['ID']."')"); //Успех if ($sql) { echo "<p>Ваши данные успешно добавлены.</p>"; } else { echo "<p>Произошла ошибка.</p>"; } } ?>
Just submit the following post request
Name=aa',version(),4)#
search.php post : query=a
The text was updated successfully, but these errors were encountered:
No branches or pull requests
product_ Admin.php
There is SQL injection in line 23
Just submit the following post request
Name=aa',version(),4)#search.php
post : query=a
The text was updated successfully, but these errors were encountered: