From this web page screenshot, the following key information about the vulnerability can be obtained:

1. Vulnerability title: SourceCodester Simple Forum Website 1.0 SQL Injection
2. Vulnerability description:
   - SQL Injection vulnerability was discovered in Sourcecodester's Sentiment Based Movie Success Rating Prediction System (user registration)
   - SQL Injection vulnerability was found in the Sentiment Based Movie Success Rating Prediction System of SourceCodester.
3. Affected version: 1.0
4. Related code file: /msrps/classes/Users.php
5. Vulnerability details:
   - The email variable is directly inserted into the SQL query without any escaping or parameterization.
   - An attacker could inject malicious SQL code by manipulating the email field.
   - Line number 135 of Users.php is affected.
6. Reproduction steps:
   1. Install and set up the Movie Rating Application
   2. Click on Login
   3. Click on the Create a New Account option
   4. Fill in the form, intercept the POST request in Burp and copy the request
   5. Store this request in a .txt file, e.g. register_req.txt
   6. Run sqlmap
   7. Observe the SQL injection
7. Submission information:
   - Source: https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-SQLi-Sentiment-Based-Moive-Rating.md
   - User: guru (ID 74056)
   - Submission Date: 08/29/2024 11:50 AM (2 days ago)
   - Moderation Date: 08/30/2024 09:50 AM (22 hours later)

This information describes in detail the nature of the vulnerability, the affected system, the reproduction steps, and the submission and moderation times.
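The flaw described in the vulnerability details (the email value placed directly into the SQL text) next to its parameterized form, as an added example that is not code from Users.php or from the advisory. The `users` table, the function names and the in-memory SQLite database are assumptions made for illustration, and the sample emails are constructed.

```php
<?php
declare(strict_types=1);
// Added illustration, NOT the code from /msrps/classes/Users.php.
// Hypothetical schema and function names; in-memory SQLite stands in for the application's database.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');
$pdo->exec("INSERT INTO users (email, password_hash) VALUES ('alice@example.com', 'placeholder')");

// Vulnerable pattern: the email is concatenated into the query string,
// so quotes inside the value become part of the SQL syntax.
function emailTakenConcat(PDO $pdo, string $email): bool
{
    $sql = "SELECT COUNT(*) FROM users WHERE email = '" . $email . "'";
    return (int) $pdo->query($sql)->fetchColumn() > 0;
}

// Hardened pattern: the query text is fixed and the email is bound as a
// parameter, so the database always treats it as a single string value.
function emailTakenPrepared(PDO $pdo, string $email): bool
{
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    return (int) $stmt->fetchColumn() > 0;
}

// Constructed sample inputs: an existing address, an address containing an
// apostrophe, and a value whose quote alters the WHERE clause when concatenated.
$samples = [
    'alice@example.com',
    "o'connor@example.com",
    "nobody@example.com' OR '1'='1",
];

foreach ($samples as $email) {
    try {
        $concat = var_export(emailTakenConcat($pdo, $email), true);
    } catch (PDOException $e) {
        $concat = 'SQL error'; // the stray quote broke the statement
    }
    $prepared = var_export(emailTakenPrepared($pdo, $email), true);
    printf("%-32s concat=%-9s prepared=%s\n", $email, $concat, $prepared);
}
```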