| 제목 | code-projects Blood Bank Management System 1.0 SQL Injection |
|---|
| 설명 | A SQL Injection vulnerability has been identified in the BloodBank Management System version 1.0. This issue occurs in the file acceptance functionality, which processes requests by hospitals or donors. The reqid parameter is not properly sanitized, allowing attackers to manipulate SQL queries and execute arbitrary database operations.
This vulnerability enables time-based blind SQL injection, where malicious SQL code forces the database to delay its response. Although no direct information is returned, the response time reveals whether the query executed successfully. This can allow attackers to:
Extract sensitive data by repeatedly querying the database.
Modify or delete database records.
Perform Denial of Service (DoS) by executing time-consuming operations, impacting availability.
|
|---|
| 원천 | ⚠️ https://gist.github.com/higordiego/5f927c5e0502b4ec31b3f7ef12556942 |
|---|
| 사용자 | c4ttr4ck (UID 75518) |
|---|
| 제출 | 2024. 10. 25. PM 03:25 (1 년도 ago) |
|---|
| 모더레이션 | 2024. 10. 26. AM 09:14 (18 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 281939 [code-projects Blood Bank Management 1.0 /file/accept.php reqid SQL 주입] |
|---|
| 포인트들 | 20 |
|---|