| 제목 | code-projects E-Banking System 1.0 SQL Injection |
|---|
| 설명 | A time-based SQL injection (CWE-89) exists in E-BANKING SYSTEM (eBank/register.php) where the username POST parameter is concatenated directly into an INSERT SQL statement without proper sanitization or parameterization; an unauthenticated attacker can submit payloads such as ' AND SLEEP(5) -- to cause the database to execute arbitrary SQL (demonstrated by measurable response delays), enabling data exfiltration, modification, or other high-impact actions depending on DB privileges—remediation: stop string interpolation into SQL, use prepared statements/ORM and strong input validation, and hash passwords securely. |
|---|
| 원천 | ⚠️ https://github.com/lakshayyverma/CVE-Discovery/blob/main/E-Banking%20System%20SQLi.md |
|---|
| 사용자 | lakshay12311 (UID 91298) |
|---|
| 제출 | 2025. 10. 10. AM 08:04 (8 개월 ago) |
|---|
| 모더레이션 | 2025. 10. 10. PM 03:54 (8 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 327930 [code-projects E-Banking System 1.0 POST Parameter /register.php username/password SQL 주입] |
|---|
| 포인트들 | 20 |
|---|