| Title | SourceCodester SourceCodester KLiK Social Media Website v1.0.1 SQL Injection |
|---|---|
| Description | SQL Injection vulnerability in /includes/get_message_ajax.php via c_id parameter. Unauthenticated attackers can execute arbitrary SQL commands using time-based blind injection (SLEEP(5)) and UNION-based injection to extract database information including user credentials, private messages, and system data. |
| Source | ⚠️ https://github.com/msaad1999/KLiK-SocialMediaWebsite |
| User | g111 (UID 92409) |
| Submission | 2026-04-05 07:54 (22 days ago) |
| Moderation | 2026-04-24 22:22 (20 days later) |
| Status | Accepted |
| VulDB entry | 359561 [KLiK SocialMediaWebsite up to 1.0.1 Private Message get_message_ajax.php c_id SQL injection] |
| Points | 18 |