In controller/fetchpwd.php
the parameter was added with a string "username=", then passed to the function find.
In the definition of the function find, we can notice that though the author uses PDO, he didn't use the Prepared technique to avoid the SQL injection vulnerability. What a pity!
After analyzing this code, we can simply use sqlmap to exploit the vulnerability and have fun!
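
Added example, not part of the original issue and not the project's code: the concatenation pattern the report describes, next to a prepared-statement form of the same lookup. The `users` table, the function names `find_concat` and `find_prepared`, and the quoting of the value are assumptions, since the project's `find` is not reproduced on this page; it needs the `pdo_sqlite` extension.

```php
<?php
// Hypothetical reconstruction for illustration; names and schema are assumptions.
// Constructed in-memory table so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (username, email) VALUES
            ('alice', 'alice@example.test'), ('bob', 'bob@example.test')");

// Pattern described in the issue: the caller builds "username=..." and the
// finder pastes that string into the SQL text. Using PDO alone does not help.
function find_concat(PDO $pdo, string $where): array
{
    return $pdo->query("SELECT id, username FROM users WHERE $where")
               ->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the column name is checked against an allowlist (identifiers
// cannot be bound), and the value travels as a bound parameter.
function find_prepared(PDO $pdo, string $column, string $value): array
{
    $allowed = ['username', 'email'];
    if (!in_array($column, $allowed, true)) {
        throw new InvalidArgumentException("column not allowed: $column");
    }
    $stmt = $pdo->prepare("SELECT id, username FROM users WHERE $column = :value");
    $stmt->execute([':value' => $value]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input: a value containing a quote that rewrites the WHERE clause
// when it is concatenated into the statement.
$input = "nobody' OR '1'='1";

$rows = find_concat($pdo, "username='" . $input . "'");
printf("concatenated:         %d row(s)\n", count($rows));

// Same input as a bound parameter: compared as a literal username.
$rows = find_prepared($pdo, 'username', $input);
printf("prepared:             %d row(s)\n", count($rows));

// A legitimate lookup still works through the prepared path.
$rows = find_prepared($pdo, 'username', 'alice');
printf("prepared, valid name: %d row(s)\n", count($rows));
```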