SQL inject detected in login.jsp

I detected a sql inject in login.jsp by source code review.
In detail, the code in teacherD/studentD.checkAccount concat the username and password with sql, and cause a sql inject.
![image](https://github.com/Hui4401/StudentManager/assets/56333292/098fcd35-c649-467a-8371-6c5b52daedee)
The vuln can be exploit by payload 1' or '1'='1 and access main.jsp successfully without true password.
![image](https://github.com/Hui4401/StudentManager/assets/56333292/5bef7f77-1482-4acb-9e82-302fd62d982e)
![image](https://github.com/Hui4401/StudentManager/assets/56333292/6e6373eb-0a17-4ec8-aa65-a96af68d4850)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SQL inject detected in login.jsp #7

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

SQL inject detected in login.jsp #7

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions