Title | Code-projects Chat System 1.0 SQL Injection |
---|
Description | Because the id parameter is not sanitized or parameterized, an attacker can inject malicious SQL code to manipulate the database query. By leveraging time-based SQL injection techniques, an attacker can induce deliberate delays in the database response using functions like SLEEP(). This can be used to confirm the presence of the vulnerability and potentially extract sensitive information from the database.
|
---|
Source | ⚠️ https://github.com/Sinon2003/cve/blob/main/sql_inject1.md |
---|
User | Rorochan (UID 79656) |
---|
Submission | 01/01/2025 09:35 AM (2 months ago) |
---|
Moderation | 01/02/2025 09:32 AM (24 hours later) |
---|
Status | Accepted |
---|
VulDB Entry | 289938 [code-projects Chat System 1.0 /admin/deleteuser.php id sql injection] |
---|
Points | 20 |
---|