| タイトル | SourceCodester Electric Billing Management System 1.0 SQL Injection |
|---|
| 説明 | SQL Injection in Sourcecodester The Electric Billing Management System 1.0 by oretnom23 The reason for the SQL injection vulnerability is that the website application did not verify the validity of the data submitted by the user to the server (such as type, length, business parameter validity, etc.), nor did it effectively filter the data input by the user with special characters, thus directly inputting the user's input into the database for execution. This exceeded the expected result of the original design of the SQL statement. The system did not filter the code parameter content correctly in the tracks.thp file, resulting in SQL injection |
|---|
| ソース | ⚠️ https://github.com/enjoyworld/webray.com.cn/blob/main/cves/Electric%20Billing%20Management%20System/Electric%20Billing%20Managemen%20SQL-inject%20System%20tracks.php%20SQL-inject.md |
|---|
| ユーザー | xmg404 (UID 74197) |
|---|
| 送信 | 2024年08月29日 04:00 (2 年 ago) |
|---|
| モデレーション | 2024年08月30日 09:17 (1 day later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 276218 [SourceCodester Electric Billing Management System 1.0 Connection Code /?page=tracks code SQLインジェクション] |
|---|
| ポイント | 20 |
|---|