| Field | Value |
|---|---|
| Title | chaitak-gorai blogbook latest version as of 2025/05/22 SQL Injection |
| Description | The BlogBook application is vulnerable to SQL injection in its post deletion mechanism. When a delete GET parameter is supplied, its value is used unsanitized in two separate DELETE SQL queries: one targeting the posts table and another targeting the comments table based on the same post_id. This allows an attacker (potentially requiring administrative privileges) to inject malicious SQL. A crafted payload, such as one evaluating to a universally true condition (e.g., 1 OR 1=1), can bypass the intended single-post deletion and result in the deletion of all entries in both the posts and comments tables, causing significant data integrity and availability issues. |
| Source | https://github.com/rllvusgnzm98/Report/blob/main/blogbook/BlogBook%20posts.php%20delete_post%20delete%20Parameter%20SQL%20Injection.md |
| User | bpy9ft (UID 85221) |
| Submission | 2025-05-22 08:26 AM (1 year ago) |
| Moderation | 2025-05-31 06:13 PM (9 days later) |
| Status | Accepted |
| VulDB Entry | 310743 [chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513 GET Parameter view_all_posts.php post_id SQL injection] |
| Points | 20 |