| 标题 | SQL Injection in Delete tasks in Task Reminder System 1.0 |
|---|
| 描述 | It was possible to locate at least one point vulnerable to sql injection, more specifically in the "Master.php" file, so that an attacker Administrator or Staff of the application can carry out the exploitation.
PoC Video: https://youtu.be/o46oHLvY2-E
References:
https://portswigger.net/web-security/sql-injection#:~:text=SQL%20injection%20(SQLi)%20is%20a,not%20normally%20able%20to%20retrieve.
https://owasp.org/www-community/attacks/SQL_Injection |
|---|
| 来源 | ⚠️ https://www.sourcecodester.com/php/16451/task-reminder-system-php-and-mysql-source-code-free-download.html |
|---|
| 用户 | Anonymous User |
|---|
| 提交 | 2023-04-18 04時49分 (3 年前) |
|---|
| 管理 | 2023-04-18 12時50分 (8 hours later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 226271 [SourceCodester Task Reminder System 1.0 Master.php 标识符 SQL注入] |
|---|
| 积分 | 20 |
|---|