Submission #288209: keerti1924 Online-Book-Store-Website 1.0 Blind SQL Injection information

Title: keerti1924 Online-Book-Store-Website 1.0 Blind SQL Injection
Description: The 'shop.php' script in keerti1924's Online-Book-Store-Website is vulnerable to Blind SQL Injection attacks. An attacker could exploit this vulnerability to execute arbitrary SQL queries on the underlying database, potentially leading to unauthorized access to sensitive information or data manipulation. To exploit this flaw, an attacker needs to be logged in as a normal user and inject a specially crafted payload into the 'product_name' parameter of a POST request. By observing delays in the server's response, the attacker can infer the success of the injection. Remediating this issue involves implementing robust input validation and parameterized queries to prevent SQL injection attacks, along with enforcing the principle of least privilege to limit the impact of such vulnerabilities.
Source: https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/Blind%20SQL%20Injection%20%20Shop/Blind%20SQL%20Injection%20Shop.php%20.md
User: nochizplz (UID 64302)
Submitted: 2024-02-26 13:45 (2 years ago)
Moderated: 2024-03-07 15:35 (10 days later)
Status: accepted
VulDB entry: 256041 [keerti1924 Online-Book-Store-Website 1.0 HTTP POST Request /shop.php product_name SQL injection]
Points: 20
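The description above names the vulnerable pattern (a request parameter spliced into a query string) and its remedy (parameterized queries), but the submission carries no code. The following is an added example, not code from the Online-Book-Store-Website project or from the submitter; it simulates the class of flaw against an in-memory SQLite database with a constructed three-row catalogue. The table, column names, function names and payloads are assumptions for illustration. Because SQLite has no SLEEP(), a stand-in is registered that records each call instead of sleeping, so the time-based side channel the description relies on can be observed deterministically (with MySQL, the real SLEEP() would produce the response delay the attacker measures).

```python
import sqlite3

# Call counter for the SLEEP() stand-in (assumption: a stand-in, not MySQL's SLEEP).
SLEEP_CALLS = {"count": 0}


def fake_sleep(seconds):
    """Record the call instead of sleeping so results are deterministic."""
    SLEEP_CALLS["count"] += 1
    return 0  # MySQL's SLEEP() also returns 0 on normal completion


def make_db():
    """Constructed three-row catalogue in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.create_function("SLEEP", 1, fake_sleep)
    conn.execute(
        "CREATE TABLE product (id INTEGER PRIMARY KEY, name TEXT, price REAL)"
    )
    conn.executemany(
        "INSERT INTO product (name, price) VALUES (?, ?)",
        [("Dune", 9.99), ("Neuromancer", 7.50), ("Snow Crash", 8.25)],
    )
    conn.commit()
    return conn


def search_vulnerable(conn, product_name):
    """Vulnerable pattern: the POST parameter is spliced into the SQL text,
    so quotes, OR and comment markers inside it become part of the query."""
    sql = f"SELECT id, name, price FROM product WHERE name = '{product_name}'"
    return conn.execute(sql).fetchall()


def search_safe(conn, product_name):
    """Hardened pattern: the value is bound to a placeholder, so it is only
    ever compared as data and never parsed as SQL."""
    sql = "SELECT id, name, price FROM product WHERE name = ?"
    return conn.execute(sql, (product_name,)).fetchall()


def probe(search, conn, payload):
    """Run one search and report (rows returned, SLEEP() calls it triggered)."""
    before = SLEEP_CALLS["count"]
    rows = search(conn, payload)
    return rows, SLEEP_CALLS["count"] - before


# Constructed payloads: a time-based probe and a classic tautology.
TIME_PAYLOAD = "x' OR SLEEP(2)-- "
BOOL_PAYLOAD = "' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    for label, search in (("vulnerable", search_vulnerable), ("safe", search_safe)):
        for payload in (TIME_PAYLOAD, BOOL_PAYLOAD):
            rows, calls = probe(search, conn, payload)
            print(f"{label:10s} {payload!r:22s} rows={len(rows)} sleep_calls={calls}")
```

Run it directly to see the two searches side by side: the spliced version invokes SLEEP() once per scanned row for the time-based payload (the delay an attacker would time against the real application) and returns the whole catalogue for the tautology payload, while the bound-parameter version treats both payloads as an ordinary, non-matching title and never calls SLEEP().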
