Submission #288211: keerti1924 Online-Book-Store-Website 1.0 Blind SQL Injection Information

Title: keerti1924 Online-Book-Store-Website 1.0 Blind SQL Injection
Description: The 'home.php' script in keerti1924's Online-Book-Store-Website is susceptible to Blind SQL Injection attacks, enabling attackers to execute arbitrary SQL queries on the database. Exploiting this vulnerability requires an authenticated normal user to craft a POST request with a payload injected into the 'product_name' parameter. By observing a 10-second delay in the server's response, attackers can confirm the success of the injection. Mitigation involves implementing robust input validation, parameterized queries, and restricting database user privileges to prevent SQL injection attacks effectively.
Source: https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/Blind%20SQL%20Injection%20%20Home/Blind%20SQL%20Injection%20Home.php%20.md
User: nochizplz (UID 64302)
Submitted: 2024-02-26 14:12 (2 years ago)
Moderation: 2024-03-07 15:35 (10 days later)
Status: Accepted
VulDB Entry: 256042 [keerti1924 Online-Book-Store-Website 1.0 HTTP POST Request /home.php product_name SQL Injection]
Points: 20
