Отправить #399711: SourceCodester Simple Forum Website 1.0 SQL Injection
| Название | SourceCodester Simple Forum Website 1.0 SQL Injection |
|---|---|
| Описание | SQL Injection vulnerability was discovered in Sourcecodester's Sentiment Based Movie Success Rating Prediction System (user registration) Official Website: https://www.sourcecodester.com/php/15104/sentiment-based-movie-rating-system-using-phpoop-free-source-code.html Version: 1.0 Related Code file: /msrps/classes/Users.php The email variable is directly inserted into the SQL query without any escaping or parameterization. An attacker could inject malicious SQL code by manipulating the email field. in (line number 135 of Users.php) Injection parameter: email Step to Reproduce: 1. Install and Setup the Movie Rating Application 2. click of Login 3. Click on Create a New Account Option 4. Fill the form and intercept the POST request in burp and copy the request 5. Store this request in a .txt file eg: register_req.txt 6. Run sqlmap `sqlmap -r register_req.txt -p email` Observe the SQL injection |
| Источник | ⚠️ https:/ |
| Пользователь | guru (UID 74056) |
| Представление | 29.08.2024 11:50 (2 лет назад) |
| Модерация | 30.08.2024 09:50 (22 hours later) |
| Статус | принято |
| Запись VulDB | 276222 [SourceCodester Sentiment Based Movie Rating System 1.0 User Registration Users.php?f=save_client email SQL-инъекция] |
| Баллы | 20 |