| عنوان | SourceCodester electric-billing-management-system Action.php 1.0 SQL Injection |
|---|
| الوصف | SQL Injection in Sourcecodester The Electric Billing Management System 1.0 by oretnom23 The reason for the SQL injection vulnerability is that the website application did not verify the validity of the data submitted by the user to the server (such as type, length, business parameter validity, etc.), nor did it effectively filter the data input by the user with special characters, thus directly inputting the user's input into the database for execution. This exceeded the expected result of the original design of the SQL statement. The system did not filter the username parameter content correctly in the Actionphp file, resulting in SQL injection using a universal password to bypass login restrictions |
|---|
| المصدر | ⚠️ https://github.com/enjoyworld/webray.com.cn/blob/main/cves/Electric%20Billing%20Management%20System/Electric%20Billing%20Managemen%20SQL-inject%20System%20Action.php%20SQL-inject.md |
|---|
| المستخدم | xmg404 (UID 74197) |
|---|
| ارسال | 29/08/2024 04:02 AM (2 سنوات منذ) |
|---|
| الاعتدال | 30/08/2024 09:39 AM (1 day later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 276219 [SourceCodester Electric Billing Management System 1.0 /Actions.php?a=login أسم المستخدم حقن SQL] |
|---|
| النقاط | 20 |
|---|