| عنوان | Code-projects Chat System 1.0 SQL Injection |
|---|
| الوصف | Because the id parameter is not sanitized or parameterized, an attacker can inject malicious SQL code to manipulate the database query. By leveraging time-based SQL injection techniques, an attacker can induce deliberate delays in the database response using functions like SLEEP(). This can be used to confirm the presence of the vulnerability and potentially extract sensitive information from the database. |
|---|
| المصدر | ⚠️ https://github.com/Sinon2003/cve/blob/main/chatsystem/sql_inject2.md |
|---|
| المستخدم | Rorochan (UID 79656) |
|---|
| ارسال | 01/01/2025 11:31 AM (1 سنة منذ) |
|---|
| الاعتدال | 02/01/2025 09:32 AM (22 hours later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 289939 [code-projects Chat System 1.0 /admin/deleteroom.php معرف حقن SQL] |
|---|
| النقاط | 20 |
|---|