StudentManager

SQL injection detected in login.jsp

Open p0l42 opened this issue 2 years ago • 0 comments

I detected a SQL injection in login.jsp by source code review. In detail, the code in `teacherD/studentD.checkAccount` concatenates the username and password into the SQL, which causes a SQL injection. The vuln can be exploited with the payload `1' or '1'='1` to access main.jsp successfully without the true password.

p0l42, Dec 24 '23 08:12
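
The concatenation pattern the issue describes, next to a parameterized query, as an added example that is not StudentManager's code. It uses Python's `sqlite3` with a constructed `teacher` table (the table, column and function names are assumptions); in the project's Java/JDBC code the corresponding fix is a `PreparedStatement` with `?` placeholders.

```python
import sqlite3

def make_db():
    # Constructed sample data; schema names are assumptions, not the project's.
    # The password is stored in plaintext only to keep the demo short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE teacher (username TEXT, password TEXT)")
    db.execute("INSERT INTO teacher VALUES ('alice', 's3cret')")
    return db

def check_account_concat(db, username, password):
    """Pattern described in the issue: user input is pasted into the SQL text."""
    sql = ("SELECT username FROM teacher WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def check_account_bound(db, username, password):
    """Hardened form: placeholders keep input as data, never as SQL syntax."""
    sql = "SELECT username FROM teacher WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    payload = "1' or '1'='1"  # the string quoted in the issue
    for check in (check_account_concat, check_account_bound):
        print(check.__name__,
              "| valid login:", check(db, "alice", "s3cret"),
              "| wrong password:", check(db, "alice", "wrong"),
              "| issue payload:", check(db, "alice", payload))
```

With concatenation the quoted string closes the password literal and appends an always-true `OR` branch, so the `WHERE` clause matches every row; with bound parameters the same string is compared as a literal password and matches nothing.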