| Title | https://www.sourcecodester.com/users/tips23 Web PHP 1 SQL Injection |
|---|
| Description | Exploit Title: Simple Online Bidding System SQL Injection
Date: 4/08/2023
Exploit Author: y3thu
Vendor Homepage: https://www.sourcecodester.com/users/tips23
Software Link: https://www.sourcecodester.com/php/14558/simple-online-bidding-system-using-phpmysqli-source-code.html
Attack Vector: WEB, Network
Tested on: Kali Linux
Description: The SQL injection vulnerability in an online bidding system allows attackers to inject malicious SQL code through input fields, compromising the system's database. This enables unauthorized access to sensitive data, manipulation of bids, and potential denial-of-service attacks. Mitigation involves strict input validation, parameterized queries, database access controls, security testing, and user education to prevent exploitation and ensure system integrity. |
|---|
| Source | ⚠️ https://github.com/yethu123/vulns-finding/blob/main/Simple%20Online%20Bidding%20System.md |
|---|
| User | y3thu (UID 52000) |
|---|
| Submission | 2024-02-29 19:01 (2 years ago) |
|---|
| Moderation | 2024-03-01 08:45 (14 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 255393 [SourceCodester Simple Online Bidding System 1.0 index.php category_id SQL injection] |
|---|
| Points | 20 |
|---|