StudentManager

SQL Inject Found in one_page_student

Open p0l42 opened this issue 2 years ago • 0 comments

I found a SQL injection in `one_page_student.findWithId`/`findWithName`. Set a breakpoint as follows:

[image]

When I use the payload `one_page_student?key=1' or '1'='1`, it hits the breakpoint.

[image] [image]

After executing `String sql=...`, `sql` becomes:

[image]

After executing the SQL query, `al` is filled with information:

[image] [image]

p0l42, Dec 24 '23 09:12
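The behaviour reported above, modelled as an added example (not the project's code, and not part of the original issue): the `key` value is pasted into the query text in one lookup and passed as a bound parameter in the other. It uses Python's `sqlite3` as a stand-in database; the `student` table, its columns, the sample rows and the function names are assumptions made for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data; table and column names are assumptions.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE student (id TEXT PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO student VALUES (?, ?)",
        [("1", "Alice"), ("2", "Bob"), ("3", "Carol")],
    )
    return conn


def find_with_id_concat(conn, key):
    # Pattern described in the issue: the request value becomes part of the
    # SQL text, so quotes inside it change the structure of the WHERE clause.
    sql = "SELECT id, name FROM student WHERE id = '" + key + "'"
    return sql, conn.execute(sql).fetchall()


def find_with_id_bound(conn, key):
    # Fix: the SQL text is constant and the value is sent as a bound
    # parameter, so it is only ever compared as data.
    sql = "SELECT id, name FROM student WHERE id = ?"
    return sql, conn.execute(sql, (key,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    # An ordinary id, then the key value quoted in the issue.
    for key in ("1", "1' or '1'='1"):
        for fn in (find_with_id_concat, find_with_id_bound):
            sql, rows = fn(conn, key)
            print(f"{fn.__name__}({key!r})")
            print(f"  sql : {sql}")
            print(f"  rows: {rows}")
```

With the key from the issue, the concatenated lookup returns every row in the table while the bound lookup returns none, because no student has that literal string as an id.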