| 제목 | code-projects Blood Bank Management System 1.0 SQL Injection |
|---|
| 설명 | A SQL Injection vulnerability has been identified in the BloodBank Management System version 1.0, specifically within the reject request functionality. This flaw occurs due to insufficient input validation on the reqid parameter, allowing an attacker to inject malicious SQL code into the query responsible for processing request rejections.
This issue can be exploited through a time-based blind SQL injection, where the injected code forces the system to sleep for a specified amount of time. Although no data is directly exposed, attackers can infer whether the query succeeded by measuring the delay in the system’s response. Exploiting this vulnerability could allow the following malicious actions:
Data extraction over time.
Tampering with request records, such as canceling or altering blood donation or request statuses.
Denial of Service (DoS) attacks, impacting system availability by artificially increasing query times. |
|---|
| 원천 | ⚠️ https://gist.github.com/higordiego/2aba05ef2277d85ea4148dc42189eae0 |
|---|
| 사용자 | c4ttr4ck (UID 75518) |
|---|
| 제출 | 2024. 10. 25. PM 09:45 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 10. 26. PM 03:43 (18 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 281956 [code-projects Blood Bank Management System 1.0 /file/accept.php reqid SQL 주입] |
|---|
| 포인트들 | 20 |
|---|