| タイトル | Online Computer and Laptop Store SQL injection present at order status update |
|---|
| 説明 | This project is entitled Online Computer and Laptop Store. This web application was developed to provide an online platform for a certain computer store or business possible customers for exploring and ordering the products.Version number: v1.0
Source code online address:https://www.sourcecodester.com/php/16397/online-computer-and-laptop-store-using-php-and-mysql-source-code-free-download.html
In backend management, when a user places an order, the status of the user's order can be modified in the backend, as shown in the following figure. No pre compilation processing was performed for state modification. There is also no filtering of user input content, and there is SQL injection. Malicious users can splice SQL statements to cause harm to the platform. |
|---|
| ソース | ⚠️ https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/4-SQL%20injection%20present%20at%20order%20status%20update.pdf |
|---|
| ユーザー | muzishouchen (UID 36418) |
|---|
| 送信 | 2023年04月11日 17:59 (3 年 ago) |
|---|
| モデレーション | 2023年04月11日 18:41 (41 minutes later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 225535 [SourceCodester Online Computer and Laptop Store 1.0 Master.php?f=update_order_status 識別子 SQLインジェクション] |
|---|
| ポイント | 20 |
|---|