| 제목 | SourceCodester electric-billing-management-system Action.php 1.0 SQL Injection |
|---|
| 설명 | SQL Injection in Sourcecodester The Electric Billing Management System 1.0 by oretnom23 The reason for the SQL injection vulnerability is that the website application did not verify the validity of the data submitted by the user to the server (such as type, length, business parameter validity, etc.), nor did it effectively filter the data input by the user with special characters, thus directly inputting the user's input into the database for execution. This exceeded the expected result of the original design of the SQL statement. The system did not filter the username parameter content correctly in the Actionphp file, resulting in SQL injection using a universal password to bypass login restrictions |
|---|
| 원천 | ⚠️ https://github.com/enjoyworld/webray.com.cn/blob/main/cves/Electric%20Billing%20Management%20System/Electric%20Billing%20Managemen%20SQL-inject%20System%20Action.php%20SQL-inject.md |
|---|
| 사용자 | xmg404 (UID 74197) |
|---|
| 제출 | 2024. 08. 29. AM 04:02 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 08. 30. AM 09:39 (1 day later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 276219 [SourceCodester Electric Billing Management System 1.0 /Actions.php?a=login 사용자 이름 SQL 주입] |
|---|
| 포인트들 | 20 |
|---|