| Titel | code-projects Blood Bank Management System 1.0 SQL Injection |
|---|
| Beschreibung | A SQL Injection vulnerability has been identified in the BloodBank Management System version 1.0. This issue occurs in the file acceptance functionality, which processes requests by hospitals or donors. The reqid parameter is not properly sanitized, allowing attackers to manipulate SQL queries and execute arbitrary database operations.
This vulnerability enables time-based blind SQL injection, where malicious SQL code forces the database to delay its response. Although no direct information is returned, the response time reveals whether the query executed successfully. This can allow attackers to:
Extract sensitive data by repeatedly querying the database.
Modify or delete database records.
Perform Denial of Service (DoS) by executing time-consuming operations, impacting availability.
|
|---|
| Quelle | ⚠️ https://gist.github.com/higordiego/5f927c5e0502b4ec31b3f7ef12556942 |
|---|
| Benutzer | c4ttr4ck (UID 75518) |
|---|
| Einreichung | 25.10.2024 15:25 (vor 1 Jahr) |
|---|
| Moderieren | 26.10.2024 09:14 (18 hours later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 281939 [code-projects Blood Bank Management 1.0 /file/accept.php reqid SQL Injection] |
|---|
| Punkte | 20 |
|---|