| tiêu đề | projectworlds Hospital Database Management System v1.0 SQL Injection |
|---|
| Mô tả | ## The following are screenshots of some specific information obtained from testing and running with the sqlmap tool:
```bash
《sqlmap -u "http://192.168.37.134:333/inser_doc_process.php" --data="Doc_ID=1&Doc_fname=1&Doc_mname=1&Doc_lname=1&Doc_gender=1&Doc_DOB=1111-01-01&Doc_contactno=1&Doc_emailID=1406213367%40qq.com&Doc_Address=1&Doc_Specialist=1&Doc_DeptID=1&Doc_charge=1&save=submit" --dbs》
```
<img width="803" alt="Image" src="https://github.com/hhhanxx/attack/blob/main/20250416132619.jpg?raw=true" />
# Suggested repair
1. **Use prepared statements and parameter binding:**
Preparing statements can prevent SQL injection as they separate SQL code from user input data. When using prepare statements, the value entered by the user is treated as pure data and will not be interpreted as SQL code.
2. **Input validation and filtering:**
Strictly validate and filter user input data to ensure it conforms to the expected format.
3. **Minimize database user permissions:**
Ensure that the account used to connect to the database has the minimum necessary permissions. Avoid using accounts with advanced permissions (such as' root 'or' admin ') for daily operations.
4. **Regular security audits:**
Regularly conduct code and system security audits to promptly identify and fix potential security vulnerabilities. |
|---|
| Nguồn | ⚠️ https://github.com/hhhanxx/attack/issues/1 |
|---|
| Người dùng | attackxu (UID 84219) |
|---|
| Đệ trình | 16/04/2025 08:01 (cách đây 12 các tháng) |
|---|
| Kiểm duyệt | 28/04/2025 07:59 (12 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 306397 [projectworlds Online Examination System 1.0 /inser_doc_process.php Doc_ID Tiêm SQL] |
|---|
| điểm | 20 |
|---|