Title | https://www.sourcecodester.com/users/tips23 Web PHP 1 SQL Injection |
---|
Description | Exploit Title: Simple Online Bidding System SQL Injection
Date: 4/08/2023
Exploit Author: y3thu
Vendor Homepage: https://www.sourcecodester.com/users/tips23
Software Link: https://www.sourcecodester.com/php/14558/simple-online-bidding-system-using-phpmysqli-source-code.html
Attack Vector: WEB, Network
Tested on: Kali Linux
Description: The SQL injection vulnerability in an online bidding system allows attackers to inject malicious SQL code through input fields, compromising the system's database. This enables unauthorized access to sensitive data, manipulation of bids, and potential denial-of-service attacks. Mitigation involves strict input validation, parameterized queries, database access controls, security testing, and user education to prevent exploitation and ensure system integrity. |
---|
Source | https://github.com/yethu123/vulns-finding/blob/main/Simple%20Online%20Bidding%20System.md |
---|
User | y3thu (ID 52000) |
---|
Submission | 2024-02-29 19:01 (3 months ago) |
---|
Moderation | 2024-03-01 08:45 (14 hours later) |
---|
Status | Accepted |
---|
VulDB Entry | 255393 |
---|