| タイトル | code-projects Blood Bank Management System 1.0 SQL Injection |
|---|
| 説明 | A SQL Injection vulnerability has been identified in the BloodBank Management System version 1.0. This issue occurs in the file acceptance functionality, which processes requests by hospitals or donors. The reqid parameter is not properly sanitized, allowing attackers to manipulate SQL queries and execute arbitrary database operations.
This vulnerability enables time-based blind SQL injection, where malicious SQL code forces the database to delay its response. Although no direct information is returned, the response time reveals whether the query executed successfully. This can allow attackers to:
Extract sensitive data by repeatedly querying the database.
Modify or delete database records.
Perform Denial of Service (DoS) by executing time-consuming operations, impacting availability.
|
|---|
| ソース | ⚠️ https://gist.github.com/higordiego/5f927c5e0502b4ec31b3f7ef12556942 |
|---|
| ユーザー | c4ttr4ck (UID 75518) |
|---|
| 送信 | 2024年10月25日 15:25 (1 年 ago) |
|---|
| モデレーション | 2024年10月26日 09:14 (18 hours later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 281939 [code-projects Blood Bank Management 1.0 /file/accept.php reqid SQLインジェクション] |
|---|
| ポイント | 20 |
|---|