| Title | Project-Online-Shopping-Website web 1 SQL Injection |
|---|---|
| Description | The "Project-Online-Shopping-Website" project has an SQL injection vulnerability, which exists in the `/delete.php` file. The code directly concatenates the user input `product_code` into the SQL DELETE statement without any security handling. For example, inputting `'OR '1'='1` will generate `DELETE FROM products WHERE product_code='' OR '1'='1'`, causing all data in the table to be deleted. To reproduce the project, first download it from GitHub (https://github.com/jimit105/Project-Online-Shopping-Website) and set it up. The vulnerability can be verified by entering `'OR '1'='1` in the "Product Code" field on `delete.php`, which redirects to `remove_product.php`. Upon submission, the Inventory page will show that all products have been deleted, confirming the existence of the vulnerability. |
| Source | https://github.com/mhszed/Report/blob/main/Project-Online-Shopping-Website%20exit%20sql.docx |
| User | mahushuai (UID 91047) |
| Submission | 2025-09-28 06:03 PM (7 months ago) |
| Moderation | 2025-10-11 03:42 PM (13 days later) |
| Status | Accepted |
| VulDB Entry | 328040 [jimit105 Project-Online-Shopping-Website up to 7d892f442bd8a96dd242dbe2b9bd5ed641e13e64 Product Inventory /delete.php product_code SQL injection] |
| Points | 20 |
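
The following is an added example, not code from the project or the report: it runs the concatenated DELETE described above next to a parameterized version, so the difference in deleted rows is visible. The in-memory SQLite database via PDO, the sample rows, and the function names `seed`, `remaining`, `deleteConcatenated` and `deleteBound` are assumptions made for illustration; only the `products` table, the `product_code` column and the input value come from the description.

```php
<?php
// Added illustration, not the project's code. Assumes PHP with the pdo_sqlite driver.
// Table and column names follow the statement quoted in the report.

function seed(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE products (product_code TEXT PRIMARY KEY, name TEXT)");
    // Constructed sample rows.
    $db->exec("INSERT INTO products VALUES ('P100','Keyboard'),('P200','Mouse'),('P300','Monitor')");
    return $db;
}

function remaining(PDO $db): int {
    return (int) $db->query("SELECT COUNT(*) FROM products")->fetchColumn();
}

// Pattern described in the report: the input becomes part of the SQL text,
// so quote characters in it change the structure of the WHERE clause.
function deleteConcatenated(PDO $db, string $code): int {
    return $db->exec("DELETE FROM products WHERE product_code='" . $code . "'");
}

// Hardened form: the statement text is fixed and the input is bound as a value,
// so it is only ever compared against product_code as a literal string.
function deleteBound(PDO $db, string $code): int {
    $stmt = $db->prepare("DELETE FROM products WHERE product_code = :code");
    $stmt->execute([':code' => $code]);
    return $stmt->rowCount();
}

$input = "'OR '1'='1"; // value quoted in the report

$db = seed();
$n = deleteConcatenated($db, $input);
printf("concatenated, report input: %d deleted, %d left\n", $n, remaining($db));

$db = seed();
$n = deleteBound($db, $input);
printf("bound, report input:        %d deleted, %d left\n", $n, remaining($db));

$n = deleteBound($db, 'P200'); // a legitimate product code still works
printf("bound, 'P200':              %d deleted, %d left\n", $n, remaining($db));
```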