| Title | Report_Online-Banking-System web 1.0 SQL Injection |
|---|
| Description | Vulnerability Title: SQL Injection in Online Banking System Login Function
Vulnerability Details:
Multiple SQL injection vulnerabilities were identified in the customer and staff login interfaces of the Online Banking System. The vulnerabilities allow unauthenticated attackers to extract sensitive database information including user credentials, database structure, and other confidential data.
Affected Components:
Customer Login Page (/banking/index.php)
Staff Login Page (/banking/staff_login.php)
Proof of Concept:
Navigate to the login page
In username field, enter: 1' AND extractvalue(1,concat(0x7e,database()))--
System returns: XPATH syntax error: '~bnak_db'
Database name bnak_db is successfully extracted
Impact:
Attackers can completely compromise the database containing customer financial information and administrative credentials.
Environment:
PHP-based web application
MySQL database
Reproducible in standard LAMP/Windows environments |
|---|
| Source | ⚠️ https://github.com/Nianalb/Report_Online-Banking-System/blob/main/SQL.docx |
|---|
| User | Nianalb (UID 91431) |
|---|
| Submitted | 2025-11-06 03:29 PM (6 months ago) |
|---|
| Moderation | 2025-11-16 09:24 PM (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 332611 [g33kyrash Online-Banking-System up to 12dbfa690e5af649fb72d2e5d3674e88d6743455 /index.php Username sql injection] |
|---|
| Points | 20 |
|---|
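
A detection check for the behaviour described in the report, written as an added example (it is not part of the submission or of the Online-Banking-System project). It flags login requests whose username field has the shape of the quoted payload and, separately, responses that return MySQL XPATH error text to the client. The record schema and the sample records are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Request-side signatures taken from the payload shape quoted in the report.
REQUEST_SIGNS = {
    "extractvalue_call": re.compile(r"extractvalue\s*\(", re.I),
    "quote_then_boolean": re.compile(r"'\s*(and|or)\b", re.I),
    "trailing_sql_comment": re.compile(r"(--|#)\s*$"),
}
# Response-side signature: MySQL XPATH error text reaching the client.
RESPONSE_LEAK = re.compile(r"XPATH syntax error: '([^']*)'")

def inspect(record):
    """Return the findings for one login request/response pair."""
    value = unquote_plus(record["username"])  # form bodies arrive URL-encoded
    findings = [name for name, pat in REQUEST_SIGNS.items() if pat.search(value)]
    leak = RESPONSE_LEAK.search(record["response_body"])
    if leak:
        findings.append("db_error_leaked:" + leak.group(1))
    return findings

def verdict(findings):
    """confirmed_leak: database text was returned; suspicious: payload shape only."""
    if any(f.startswith("db_error_leaked:") for f in findings):
        return "confirmed_leak"
    return "suspicious" if findings else "clean"

# Constructed sample records (hypothetical log schema, not from the report).
PAYLOAD = "1%27+AND+extractvalue%281%2Cconcat%280x7e%2Cdatabase%28%29%29%29--"
SAMPLES = [
    {"id": 1, "path": "/banking/index.php", "username": PAYLOAD,
     "response_body": "XPATH syntax error: '~bnak_db'"},
    {"id": 2, "path": "/banking/staff_login.php", "username": PAYLOAD,
     "response_body": "Invalid username or password"},
    {"id": 3, "path": "/banking/index.php", "username": "d%27Orsay",
     "response_body": "Invalid username or password"},
]

def triage(records):
    """Map record id to its verdict."""
    return {r["id"]: verdict(inspect(r)) for r in records}

if __name__ == "__main__":
    for rec_id, result in triage(SAMPLES).items():
        print(rec_id, result)
```

Record 2 carries the same payload but no error text comes back, so it is reported as suspicious rather than confirmed; record 3 is a legitimate name containing an apostrophe and stays clean.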