| Название | SourceCodester SourceCodester KLiK Social Media Website v1.0.1 SQL Injection |
|---|
| Описание | SQL Injection vulnerability in /includes/get_message_ajax.php via c_id parameter. Unauthenticated attackers can execute arbitrary SQL commands using time-based blind injection (SLEEP(5)) and UNION-based injection to extract database information including user credentials, private messages, and system data. |
|---|
| Источник | ⚠️ https://github.com/msaad1999/KLiK-SocialMediaWebsite |
|---|
| Пользователь | g111 (UID 92409) |
|---|
| Представление | 05.04.2026 07:54 (21 дни назад) |
|---|
| Модерация | 24.04.2026 22:22 (20 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 359561 [KLiK SocialMediaWebsite до 1.0.1 Private Message get_message_ajax.php c_id SQL-инъекция] |
|---|
| Баллы | 18 |
|---|