| 제목 | SQL Injection in Delete tasks in Task Reminder System 1.0 |
|---|
| 설명 | It was possible to locate at least one point vulnerable to sql injection, more specifically in the "Master.php" file, so that an attacker Administrator or Staff of the application can carry out the exploitation.
PoC Video: https://youtu.be/o46oHLvY2-E
References:
https://portswigger.net/web-security/sql-injection#:~:text=SQL%20injection%20(SQLi)%20is%20a,not%20normally%20able%20to%20retrieve.
https://owasp.org/www-community/attacks/SQL_Injection |
|---|
| 원천 | ⚠️ https://www.sourcecodester.com/php/16451/task-reminder-system-php-and-mysql-source-code-free-download.html |
|---|
| 사용자 | Anonymous User |
|---|
| 제출 | 2023. 04. 18. AM 04:49 (3 연령 ago) |
|---|
| 모더레이션 | 2023. 04. 18. PM 12:50 (8 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 226271 [SourceCodester Task Reminder System 1.0 Master.php 아이디 SQL 주입] |
|---|
| 포인트들 | 20 |
|---|