जमा करें #431686: code-projects Blood Bank Management System 1.0 SQL Injectionजानकारी

शीर्षकcode-projects Blood Bank Management System 1.0 SQL Injection
विवरणA SQL Injection vulnerability has been identified in the BloodBank Management System version 1.0, specifically in the cancel request functionality. This flaw arises from a lack of proper input sanitization on the reqid parameter, enabling malicious users to inject SQL commands into the query handling cancellation requests. The vulnerability allows for a time-based blind SQL injection attack. In this scenario, an attacker injects code that makes the system execute time-intensive SQL operations, such as using the BENCHMARK function, to delay the response. If the request is valid, the system delays by a predefined amount of time, confirming that the injection worked. This technique can lead to: Exfiltration of sensitive data over time. Denial of Service (DoS) by slowing down the system. Tampering with blood request statuses, including unauthorized cancellations.
स्रोत⚠️ https://gist.github.com/higordiego/18cf04067697c8ceb2cba68980139dcc
उपयोगकर्ता
 c4ttr4ck (UID 75518)
सबमिशन25/10/2024 09:53 PM (2 साल पहले)
संयम26/10/2024 03:43 PM (18 hours later)
स्थितिस्वीकृत
VulDB प्रविष्टि281957 [code-projects Blood Bank Management System 1.0 /file/cancel.php reqid SQL इंजेक्शन]
अंक20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!