| Title | itsourcecode Company The billing system 1.0 SQL Injection |
|---|---|
| Description | There is a serious SQL injection vulnerability in the login verification logic of the Billing System project. The vulnerability lies in the code in the process.php file that handles user login requests. Specifically, the SQL query statement in line 7 directly splices the username and password parameters submitted by the user through the POST request into the SQL query string without any effective input validation, filtering or parameterization. This insecure approach allows attackers to change the logic of the original SQL query by constructing malicious input, thereby bypassing the authentication mechanism. |
| Source | ⚠️ https://www.yuque.com/yuqueyonghuexlgkz/zepczx/py9oh6m1p7mx4eqr?singleDoc# 《The billing system has a foreground sql injection vulnerability》 |
| User | liule960117 (UID 88729) |
| Submitted | 2025-10-20 07:12 PM (8 months ago) |
| Moderation | 2025-11-02 02:19 PM (13 days later) |
| Status | Accepted |
| VulDB entry | 330911 [itsourcecode Billing System 1.0 login_crud.php password SQL injection] |
| Points | 20 |