| Titel | SourceCodester SourceCodester KLiK Social Media Website v1.0.1 SQL Injection |
|---|
| Beschreibung | SQL Injection vulnerability in /includes/get_message_ajax.php via c_id parameter. Unauthenticated attackers can execute arbitrary SQL commands using time-based blind injection (SLEEP(5)) and UNION-based injection to extract database information including user credentials, private messages, and system data. |
|---|
| Quelle | ⚠️ https://github.com/msaad1999/KLiK-SocialMediaWebsite |
|---|
| Benutzer | g111 (UID 92409) |
|---|
| Einreichung | 05.04.2026 07:54 (vor 21 Tagen) |
|---|
| Moderieren | 24.04.2026 22:22 (20 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 359561 [KLiK SocialMediaWebsite bis 1.0.1 Private Message get_message_ajax.php c_id SQL Injection] |
|---|
| Punkte | 18 |
|---|