| عنوان | GitHub Grocery List Management Web App 1.0 SQL Injection |
|---|
| الوصف | SQL Injection is a vulnerability that occurs when user-supplied input is improperly validated and directly concatenated into SQL queries. An attacker can manipulate the input to alter the structure of the query, leading to unauthorized access or modification of database contents.
In the affected application, the id parameter of update.php is directly embedded in the SQL query without proper sanitization or the use of prepared statements. This allows an attacker to inject malicious SQL payloads and potentially:
Retrieve sensitive information such as usernames and passwords
Modify or delete database records
Enumerate database structure and version
Escalate the attack to gain full control of the backend database |
|---|
| المصدر | ⚠️ https://gist.github.com/0xSebin/a163239e0132d7d58ef1300f321da819 |
|---|
| المستخدم | 0xSebin (UID 35195) |
|---|
| ارسال | 23/08/2025 10:02 AM (10 أشهر منذ) |
|---|
| الاعتدال | 31/08/2025 10:12 AM (8 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 322050 [HKritesh009 Grocery List Management Web App حتى f491b681eb70d465f445c9a721415c965190f83b /src/update.php معرف حقن SQL] |
|---|
| النقاط | 20 |
|---|