Submission #787031: code-projects Easy Blog Site In PHP 1.0 SQL Injection (details)

Title: code-projects Easy Blog Site In PHP 1.0 SQL Injection

Description: A SQL Injection vulnerability exists in the Easy Blog Site In PHP within the contact form functionality. The vulnerability occurs in the following endpoint: /blog/users/contact_us.php

The application processes user input submitted through an HTTP POST request. The name parameter is user-controlled and is incorporated into backend SQL queries without proper validation or sanitization. Testing confirmed that the name parameter is vulnerable to time-based SQL injection, indicating that attacker-supplied SQL expressions are executed by the database engine.

By injecting a crafted payload into the name parameter, an attacker can manipulate the SQL query. In the provided request, a delay-based SQL payload using the SLEEP() function was used:

name='+(select*from(select(sleep(20)))a)+'

When the request is processed, the server response is delayed by approximately 20 seconds, confirming successful execution of the injected SQL statement. This demonstrates that the application directly includes user input in SQL queries without using prepared statements or parameterized queries.
Source: https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/SQL%20Injection%20in%20Easy%20Blog%20Site%20PHP%20name%20Parameter.md
User: AhmadMarzouk (UID 95993)
Submitted: 2026-03-24 12:49 (23 days ago)
Moderated: 2026-04-08 16:39 (15 days later)
Status: Accepted
VulDB entry: 356243 [code-projects Easy Blog Site up to 1.0 /users/contact_us.php name sql injection]
Points: 20
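The payload works because the leading and trailing single quotes close and reopen the string literal the application builds around the name value, leaving MySQL with the numeric expression ''+(select*from(select(sleep(20)))a)+''; the + operator forces evaluation of the derived table, so SLEEP(20) runs before the query completes. The following is an added example, not code from the Easy Blog Site project or from the advisory author: a hypothetical reconstruction of the concatenation pattern the description implies, next to a hardened handler using mysqli prepared statements. The table name contact_us, its columns, the INSERT form of the query, the length limits and the connection details are all assumptions; the advisory does not show the real query.

```php
<?php
// Added example for this advisory; not code from the Easy Blog Site project.
// Assumptions: MySQL via mysqli, a table contact_us(name, email, message),
// and that contact_us.php INSERTs the submitted form fields. The real table
// and query are not shown in the advisory.

declare(strict_types=1);

// Vulnerable pattern: the kind of string concatenation the advisory describes.
// With name = '+(select*from(select(sleep(20)))a)+' the SQL text becomes
//   VALUES (''+(select*from(select(sleep(20)))a)+'', '...', '...')
// MySQL evaluates the derived table numerically, so SLEEP(20) runs and the
// HTTP response is delayed by roughly 20 seconds.
function save_contact_vulnerable(mysqli $db, array $post): bool
{
    $sql = "INSERT INTO contact_us (name, email, message) VALUES ('"
        . $post['name'] . "', '" . $post['email'] . "', '" . $post['message'] . "')";
    return $db->query($sql) === true;
}

// Hardened version: a prepared statement with bound parameters. The SQL text
// is sent to the server without the values, so quotes, + and subqueries in
// $name are stored as data and never parsed as SQL.
function save_contact(mysqli $db, string $name, string $email, string $message): bool
{
    // Input validation on top of parameterization; the length caps are assumptions.
    if ($name === '' || strlen($name) > 100 || strlen($message) > 2000) {
        return false;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }

    $stmt = $db->prepare('INSERT INTO contact_us (name, email, message) VALUES (?, ?, ?)');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('sss', $name, $email, $message);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Hypothetical handler in contact_us.php (connection parameters are placeholders):
// $db = new mysqli('localhost', 'blog', 'secret', 'blog');
// $db->set_charset('utf8mb4');
// if ($_SERVER['REQUEST_METHOD'] === 'POST') {
//     $saved = save_contact(
//         $db,
//         $_POST['name'] ?? '',
//         $_POST['email'] ?? '',
//         $_POST['message'] ?? ''
//     );
// }
```

When confirming a time-based finding like this one, send the same request with sleep(0) or a second, different delay (for example 5 seconds) and compare the response times; a delay that scales with the SLEEP argument rules out network latency and a slow page as the cause. Escaping the value with mysqli_real_escape_string is not a substitute for the bound parameters above, since it depends on the connection character set and on every call site remembering to use it.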
