| tiêu đề | code-projects Chat System Using PHP With Source Code 1.0 SQL Injection |
|---|
| Mô tả | The user parameter in /user/addnewmember.php is not properly sanitized or parameterized, which leaves it vulnerable to SQL injection attacks. Attackers can exploit this by injecting malicious SQL code to manipulate the database queries. Utilizing time-based SQL injection methods, they can introduce intentional delays in the database response through functions such as SLEEP(). This technique can be employed to verify the existence of the vulnerability and may also be used to extract sensitive information from the database. |
|---|
| Nguồn | ⚠️ https://github.com/LamentXU123/cve/blob/main/sql_injection3.md |
|---|
| Người dùng | LamentXU (UID 78142) |
|---|
| Đệ trình | 29/01/2025 09:57 (cách đây 1 Năm) |
|---|
| Kiểm duyệt | 30/01/2025 16:09 (1 day later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 294127 [code-projects Chat System đến 1.0 /user/addnewmember.php Người dùng Tiêm SQL] |
|---|
| điểm | 20 |
|---|