Submission #288211: keerti1924 Online-Book-Store-Website 1.0 Blind SQL Injection

Title: keerti1924 Online-Book-Store-Website 1.0 Blind SQL Injection
Description: The 'home.php' script in keerti1924's Online-Book-Store-Website is susceptible to Blind SQL Injection attacks, enabling attackers to execute arbitrary SQL queries on the database. Exploiting this vulnerability requires an authenticated normal user to craft a POST request with a payload injected into the 'product_name' parameter. By observing a 10-second delay in the server's response, attackers can confirm the success of the injection. Mitigation involves implementing robust input validation, parameterized queries, and restricting database user privileges to prevent SQL injection attacks effectively.
Source: https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/Blind%20SQL%20Injection%20%20Home/Blind%20SQL%20Injection%20Home.php%20.md
User: nochizplz (UID 64302)
Submitted: 2024-02-26 14:12 (2 years ago)
Moderated: 2024-03-07 15:35 (10 days later)
Status: Accepted
VulDB Entry: 256042 [keerti1924 Online-Book-Store-Website 1.0 HTTP POST Request /home.php product_name SQL Injection]
Points: 20
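The mitigation the description names (parameterized queries, input validation, a least-privilege database account) is shown below as an added illustration; this is not code from the keerti1924 project, whose home.php is not reproduced on this page. A time-based blind injection only works when the request parameter is spliced into the SQL text, so the fix is to bind it. The table and column names (`products`, `product_name`, `price`), the connection details and the read-only account name are assumptions made for the example.

```php
<?php
// Added example, not the project's home.php. Table/column names, DSN and the
// 'bookstore_ro' account are assumptions.

// Vulnerable pattern: the POST value becomes part of the statement text, so the
// database parses whatever the client sent as SQL. This is the shape that a
// time-based blind injection (observed as a delayed response) relies on.
function find_products_vulnerable(mysqli $db, string $productName): array
{
    $sql = "SELECT id, product_name, price FROM products WHERE product_name = '"
         . $productName . "'";
    $result = $db->query($sql);
    return $result ? $result->fetch_all(MYSQLI_ASSOC) : [];
}

// Hardened version: a prepared statement with a bound parameter. The query text
// is fixed before any user data is seen, so the value is only ever compared as a
// string and never interpreted as SQL, regardless of its content.
function find_products_safe(mysqli $db, string $productName): array
{
    $stmt = $db->prepare(
        "SELECT id, product_name, price FROM products WHERE product_name = ?"
    );
    $stmt->bind_param('s', $productName);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Input validation as defence in depth: reject values that cannot be a book
// title. Validation alone is not the fix; the bound parameter is.
function validate_product_name(string $value): ?string
{
    $value = trim($value);
    if ($value === '' || mb_strlen($value) > 100) {
        return null;
    }
    return $value;
}

// Request handling as it would sit in a page like home.php. The connection uses a
// read-only account (assumed name 'bookstore_ro') so that even a successful
// injection cannot modify data; the account should be granted SELECT only.
$db = new mysqli('localhost', 'bookstore_ro', 'change-me', 'bookstore');
$db->set_charset('utf8mb4');

$name = validate_product_name($_POST['product_name'] ?? '');
if ($name === null) {
    http_response_code(400);
    exit('Invalid product name');
}

$rows = find_products_safe($db, $name);
foreach ($rows as $row) {
    // Escape on output as well, so a stored title cannot become markup.
    echo htmlspecialchars($row['product_name'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

The detection-side check that matches this bug is a latency one: a request whose database round-trip takes several seconds longer than the page's normal baseline, for a parameter that should be a short title, is worth alerting on even before the query text is known.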
