| Title | keerti1924 Online-Book-Store-Website 1.0 Blind SQL Injection |
|---|---|
| Description | The 'shop.php' script in keerti1924's Online-Book-Store-Website is vulnerable to Blind SQL Injection attacks. An attacker could exploit this vulnerability to execute arbitrary SQL queries on the underlying database, potentially leading to unauthorized access to sensitive information or data manipulation. To exploit this flaw, an attacker needs to be logged in as a normal user and inject a specially crafted payload into the 'product_name' parameter of a POST request. By observing delays in the server's response, the attacker can infer the success of the injection. Remediating this issue involves implementing robust input validation and parameterized queries to prevent SQL injection attacks, along with enforcing the principle of least privilege to limit the impact of such vulnerabilities. |
| Source | https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/Blind%20SQL%20Injection%20%20Shop/Blind%20SQL%20Injection%20Shop.php%20.md |
| User | nochizplz (UID 64302) |
| Submission | 26/02/2024 01:45 PM (2 years ago) |
| Moderation | 07/03/2024 03:35 PM (10 days later) |
| Status | Accepted |
| VulDB Entry | 256041 [keerti1924 Online-Book-Store-Website 1.0 HTTP POST Request /shop.php product_name SQL Injection] |
| Points | 20 |