The following key information about the vulnerability can be obtained from this webpage screenshot:

1. Vulnerability ID: #431685
2. Vulnerability type: SQL Injection
3. Description:
   - A SQL injection vulnerability has been identified in the BloodBank Management System version 1.0, specifically within the reject request functionality.
   - This flaw occurs due to insufficient input validation on the reqid parameter, allowing an attacker to inject malicious SQL code into the query responsible for processing request rejections.
4. Impact:
   - Time-based blind SQL injection, where the injected code forces the system to sleep for a specified amount of time.
   - Although no data is directly exposed, attackers can infer whether the query succeeded by measuring the delay in the system's response.
   - Malicious actions include:
     - Data extraction over time.
     - Tampering with request records, such as canceling or altering blood donation or request statuses.
     - Denial of Service (DoS) attacks, impacting system availability by artificially increasing query times.
5. Source:
   - https://gist.github.com/higordiego/2aba05ef2277d85ea4148dc42189eae0
6. Submitter: c4trr4ck (UID 75518)
7. Submission time: October 25, 2024, 21:45
8. Review time: October 26, 2024, 15:43
9. Status: Accepted
10. VulDB Entry ID: 281956
11. Points: 20
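The flaw class described above (a reqid value concatenated into the rejection query) shown beside a validated, parameterized form. This is an added example, not code from the report or from the application; the table name, schema, function names and the sample input are hypothetical, and SQLite in Python stands in for the application's real stack, which the page does not show.

```python
import sqlite3

# Constructed sample: a non-numeric reqid value of the kind the report describes.
CONSTRUCTED_INPUT = "2 OR 1=1"

def open_demo_db():
    """In-memory stand-in for the request table; the schema is hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bloodrequest (reqid INTEGER PRIMARY KEY, status TEXT)")
    db.executemany("INSERT INTO bloodrequest VALUES (?, ?)",
                   [(1, "Pending"), (2, "Pending"), (3, "Pending")])
    db.commit()
    return db

def reject_concatenated(db, raw_reqid):
    """The flawed pattern: reqid is pasted into the SQL text and parsed as SQL."""
    cur = db.execute(
        "UPDATE bloodrequest SET status = 'Rejected' WHERE reqid = " + raw_reqid)
    db.commit()
    return cur.rowcount

def parse_reqid(raw):
    """Allow only 1-9 ASCII digits, so nothing but a positive integer gets through."""
    if not (isinstance(raw, str) and raw.isascii() and raw.isdigit() and len(raw) <= 9):
        raise ValueError("reqid must be a positive integer")
    value = int(raw)
    if value == 0:
        raise ValueError("reqid must be a positive integer")
    return value

def reject_parameterized(db, raw_reqid):
    """Hardened pattern: validate first, then bind the value as data."""
    reqid = parse_reqid(raw_reqid)
    cur = db.execute(
        "UPDATE bloodrequest SET status = 'Rejected' "
        "WHERE reqid = ? AND status = 'Pending'", (reqid,))
    db.commit()
    return cur.rowcount

def rejected_count(db):
    """Number of rows currently marked Rejected."""
    return db.execute(
        "SELECT COUNT(*) FROM bloodrequest WHERE status = 'Rejected'").fetchone()[0]
```

With the concatenated form the constructed input changes every row; with the hardened form it is refused before any SQL runs, and a legitimate reqid changes exactly one pending row.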