| Название | keerti1924 Online-Book-Store-Website 1.0 Blind SQL Injection |
|---|
| Описание | The 'shop.php' script in keerti1924's Online-Book-Store-Website is vulnerable to Blind SQL Injection attacks. An attacker could exploit this vulnerability to execute arbitrary SQL queries on the underlying database, potentially leading to unauthorized access to sensitive information or data manipulation. To exploit this flaw, an attacker needs to be logged in as a normal user and inject a specially crafted payload into the 'product_name' parameter of a POST request. By observing delays in the server's response, the attacker can infer the success of the injection. Remediating this issue involves implementing robust input validation and parameterized queries to prevent SQL injection attacks, along with enforcing the principle of least privilege to limit the impact of such vulnerabilities. |
|---|
| Источник | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/Blind%20SQL%20Injection%20%20Shop/Blind%20SQL%20Injection%20Shop.php%20.md |
|---|
| Пользователь | nochizplz (UID 64302) |
|---|
| Представление | 26.02.2024 13:45 (2 лет назад) |
|---|
| Модерация | 07.03.2024 15:35 (10 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 256041 [keerti1924 Online-Book-Store-Website 1.0 HTTP POST Request /shop.php product_name SQL-инъекция] |
|---|
| Баллы | 20 |
|---|