| Field | Value |
|---|---|
| Title | GitHub Grocery List Management Web App 1.0 SQL Injection |
| Description | SQL Injection is a vulnerability that occurs when user-supplied input is improperly validated and directly concatenated into SQL queries. An attacker can manipulate the input to alter the structure of the query, leading to unauthorized access or modification of database contents.<br>In the affected application, the id parameter of update.php is directly embedded in the SQL query without proper sanitization or the use of prepared statements. This allows an attacker to inject malicious SQL payloads and potentially:<br>- Retrieve sensitive information such as usernames and passwords<br>- Modify or delete database records<br>- Enumerate database structure and version<br>- Escalate the attack to gain full control of the backend database |
| Source | https://gist.github.com/0xSebin/a163239e0132d7d58ef1300f321da819 |
| User | 0xSebin (UID 35195) |
| Submitted | 2025. 08. 23. AM 10:02 (10 months ago) |
| Moderation | 2025. 08. 31. AM 10:12 (8 days later) |
| Status | Accepted |
| VulDB Entry | 322050 [HKritesh009 Grocery List Management Web App up to f491b681eb70d465f445c9a721415c965190f83b /src/update.php id sql injection] |
| Points | 20 |
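As an added illustration (not the project's own code), the flaw the description reports, an `id` value concatenated into the query text, shown beside a hardened version that validates the type and binds it through a prepared statement; the table name, column names and connection details are assumptions.

```php
<?php
// Added example, not code from the Grocery List Management Web App.
// Table/column names and the handler shape are assumptions that only
// illustrate the pattern the VulDB submission describes for update.php.

// --- Vulnerable pattern (as described): id concatenated into the query ---
function updateItemUnsafe(mysqli $db, string $id, string $name): bool
{
    // Escaping the string column does not help here: $id sits in a numeric
    // context, so anything that is not a plain integer changes the
    // structure of the statement rather than just its value.
    $sql = "UPDATE grocery_items SET item_name = '"
         . $db->real_escape_string($name)
         . "' WHERE id = " . $id;
    return $db->query($sql) !== false;
}

// --- Hardened version: validate the type, then bind it as a parameter ---
function updateItemSafe(mysqli $db, string $id, string $name): bool
{
    // Reject anything that is not a positive integer before touching the DB.
    $idInt = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($idInt === false) {
        http_response_code(400);
        return false;
    }

    // The query text is fixed; values travel separately to the server and
    // can never alter its structure.
    $stmt = $db->prepare('UPDATE grocery_items SET item_name = ? WHERE id = ?');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('si', $name, $idInt);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Typical call from a handler like update.php (connection values assumed).
$db   = new mysqli('localhost', 'app_user', 'app_password', 'grocery');
$id   = $_GET['id']    ?? '';
$name = $_POST['name'] ?? '';
updateItemSafe($db, $id, $name);
```

For detection, a non-integer `id` reaching update.php in web server or WAF logs is the signal to alert on, since the hardened handler rejects it with a 400 before any query runs.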