Codeview

[ Find the Vulnerability in Code ]

Beginner levels

Injection [ php ] | filedump [ php ] | alertme [ js ] | polluteMe [ js ] | It'sDoneOnlyResource

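    <?php

    // Open the database connection (DSN elided by the challenge).
    $file_db = new PDO('<SQL CONNECTION>');

    // Default to employee 1 when no id is supplied.
    if (!isset($_GET['id']) || '' === $_GET['id']) $_GET['id'] = 1;

    // The query text is built by concatenating the request value.
    $sql = 'SELECT * FROM employees WHERE employeeId = ' . $_GET['id'];

    // Print last name and e-mail for every returned row.
    foreach ($file_db->query($sql) as $row) {
        $employee = $row['LastName'] . " - " . $row['Email'] . "";

        echo $employee;
    }
    ?>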

    

[ hint: ' ]
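
A hardened counterpart to the query above, as an added example that is not part of the original challenge: the `id` value is validated as an integer and bound as a parameter instead of being concatenated into the SQL text. The in-memory SQLite database, its two rows and the helper name `lookupEmployee` are constructed for illustration; table and column names follow the snippet.

```php
<?php
// Added example: constructed in-memory SQLite data stands in for the
// challenge's '<SQL CONNECTION>'; table and column names follow the page.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE employees (employeeId INTEGER PRIMARY KEY, LastName TEXT, Email TEXT)');
$db->exec("INSERT INTO employees VALUES (1, 'Adams', 'adams@example.test'), (2, 'Baker', 'baker@example.test')");

// Hypothetical helper: returns the formatted rows for one request value.
function lookupEmployee(PDO $db, $rawId): array
{
    // Validate the type first: the column is an integer key, so anything
    // that is not a positive integer is rejected before reaching the database.
    $id = filter_var($rawId ?? 1, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];
    }

    // The placeholder keeps the value out of the SQL text entirely.
    $stmt = $db->prepare('SELECT LastName, Email FROM employees WHERE employeeId = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $out = [];
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        // Encode on output so stored data cannot inject markup into the page.
        $out[] = htmlspecialchars($row['LastName'] . ' - ' . $row['Email'], ENT_QUOTES, 'UTF-8');
    }
    return $out;
}

// Constructed inputs: missing id, a valid id, the hint character, a tautology string.
foreach ([null, '2', "'", '1 OR 1=1'] as $input) {
    printf("%-12s => %s\n", var_export($input, true), json_encode(lookupEmployee($db, $input)));
}
```

Only the first two inputs return a row; the last two fail integer validation and never reach the query.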

