Submission #288211: keerti1924 Online-Book-Store-Website 1.0 Blind SQL Injection

Title: keerti1924 Online-Book-Store-Website 1.0 Blind SQL Injection
Description: The 'home.php' script in keerti1924's Online-Book-Store-Website is susceptible to Blind SQL Injection attacks, enabling attackers to execute arbitrary SQL queries on the database. Exploiting this vulnerability requires an authenticated normal user to craft a POST request with a payload injected into the 'product_name' parameter. By observing a 10-second delay in the server's response, attackers can confirm the success of the injection. Mitigation involves implementing robust input validation, parameterized queries, and restricting database user privileges to prevent SQL injection attacks effectively.
Source: ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/Blind%20SQL%20Injection%20%20Home/Blind%20SQL%20Injection%20Home.php%20.md
User: nochizplz (UID 64302)
Submitted: 26/02/2024 14:12 (2 years ago)
Moderated: 07/03/2024 15:35 (10 days later)
Status: Accepted
VulDB entry: 256042 [keerti1924 Online-Book-Store-Website 1.0 HTTP POST Request /home.php product_name SQL injection]
Points: 20
