Submission #672559: code-projects E-Banking System 1.0 SQL Injection
| Title | code-projects E-Banking System 1.0 SQL Injection |
|---|---|
| Description | A time-based SQL injection (CWE-89) exists in E-BANKING SYSTEM (eBank/register.php), where the username POST parameter is concatenated directly into an INSERT SQL statement without proper sanitization or parameterization. An unauthenticated attacker can submit payloads such as `' AND SLEEP(5) -- ` to cause the database to execute arbitrary SQL (demonstrated by measurable response delays), enabling data exfiltration, modification, or other high-impact actions depending on DB privileges. Remediation: stop string interpolation into SQL, use prepared statements/ORM and strong input validation, and hash passwords securely. |
| Source | ⚠️ https:/ |
| User | lakshay12311 (UID 91298) |
| Submitted | 10/10/2025 08:04 (8 months ago) |
| Moderated | 10/10/2025 15:54 (8 hours later) |
| Status | accepted |
| VulDB entry | 327930 [code-projects E-Banking System 1.0 POST Parameter /register.php username/password SQL Injection] |
| Points | 20 |
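The pattern the submission describes (a username value interpolated into an INSERT, probed with a SLEEP-based payload) beside the parameterized form it recommends, as an added example that is not the E-Banking System's own code. It runs offline on SQLite, so MySQL's `SLEEP()` is stood in by a registered Python function that records when the database actually evaluates it; the table layout, the function names and that stand-in are assumptions. The page's payload is shown first; a second payload that keeps the statement syntactically complete is constructed here so the injected `SLEEP` is actually reached, which is the delay a time-based check measures.

```python
"""Time-based SQL injection at a registration INSERT: vulnerable vs parameterized.

Added example, not the project's code. Table layout, function names and the
SLEEP() stand-in are assumptions made so the demo runs offline on SQLite.
"""
import hashlib
import os
import sqlite3
import time

SLEEP_CALLS = []  # every SLEEP() the database actually evaluated (assumption: stand-in for MySQL)


def _fake_sleep(seconds):
    """Stand-in for MySQL SLEEP(): records the call, delays, returns 0 like MySQL."""
    SLEEP_CALLS.append(seconds)
    time.sleep(seconds)
    return 0


def new_db():
    conn = sqlite3.connect(":memory:")
    conn.create_function("SLEEP", 1, _fake_sleep)
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")  # assumed schema
    return conn


def build_vulnerable_insert(username, password):
    """String concatenation: a quote in the input ends the literal early."""
    return ("INSERT INTO users (username, password) VALUES ('"
            + username + "', '" + password + "')")


def register_vulnerable(conn, username, password):
    conn.execute(build_vulnerable_insert(username, password))
    conn.commit()


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; stored as hex(salt)$hex(digest)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt.hex() + "$" + digest.hex()


def register_safe(conn, username, password):
    """Placeholders keep the username as data; the password is stored hashed."""
    conn.execute("INSERT INTO users (username, password) VALUES (?, ?)",
                 (username, hash_password(password)))
    conn.commit()


def stored_usernames(conn):
    return [row[0] for row in conn.execute("SELECT username FROM users")]


PAGE_PAYLOAD = "' AND SLEEP(5) -- "             # payload quoted in the submission
DEMO_PAYLOAD = "1' AND SLEEP(0.05) AND '1'='1"  # constructed: keeps the statement well-formed


def demo():
    results = {}
    conn = new_db()
    # 1. The submission's payload: the "-- " comment swallows the closing quote
    #    and parenthesis, so the statement no longer parses. The input, not the
    #    developer, now decides what SQL the database sees.
    try:
        register_vulnerable(conn, PAGE_PAYLOAD, "pw")
        results["page_payload_parsed"] = True
    except sqlite3.OperationalError:
        results["page_payload_parsed"] = False
    # 2. A syntax-complete variant: SLEEP runs inside the INSERT and the
    #    request is delayed, which is what a time-based test measures.
    SLEEP_CALLS.clear()
    t0 = time.perf_counter()
    register_vulnerable(conn, DEMO_PAYLOAD, "pw")
    results["vulnerable_delay"] = time.perf_counter() - t0
    results["sleep_reached_vulnerable"] = len(SLEEP_CALLS)
    # 3. Same inputs through the parameterized path: stored verbatim, no SQL
    #    evaluated from the input, no delay, password not stored in clear.
    SLEEP_CALLS.clear()
    safe = new_db()
    register_safe(safe, PAGE_PAYLOAD, "pw")
    register_safe(safe, DEMO_PAYLOAD, "pw")
    results["sleep_reached_safe"] = len(SLEEP_CALLS)
    results["safe_usernames"] = stored_usernames(safe)
    results["safe_password_hashed"] = "pw" not in [
        row[1] for row in safe.execute("SELECT username, password FROM users")]
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the block prints the three outcomes: the page's payload breaks the statement, the well-formed variant reaches `SLEEP` and measurably delays the vulnerable path, and the parameterized path stores both payloads as plain text without evaluating anything from them. Against a real MySQL backend the same comparison holds with the real `SLEEP()`; the probe value should be chosen well above the server's normal response jitter.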