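The following key information about the vulnerability can be obtained from this web page screenshot:

1. Vulnerability title:
   - SourceCodester Online Food Menu 1.0 SQL Injection
2. Vulnerability description:
   - Dear Vuldb - I hope this message finds you well. I would like to report a SQL injection vulnerability I discovered in the sourcecodester of the Online Food Menu Using PHP and MySQL with Source Code during my testing.
3. Affected URL/Endpoint:
   -
4. Vulnerable parameter:
   -
5. Risk level:
   - High (allows a malicious user to execute arbitrary SQL queries)
6. Steps to reproduce:
   1. Navigate to the Admin area page.
   2. Intercept the "delete-menu" request using a proxy such as Burp Suite.
   3. Enter the payload to trigger the SQL injection.
   4. After running sqlmap, the menu was also found vulnerable to the following attack types:
      - Boolean-based blind injection
      - Error-based blind injection
      - Stacked queries
7. Vulnerability type:
   - Boolean-based blind injection
   - Error-based blind injection
   - Stacked queries
8. Related links:
   - MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
   - MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
   - MySQL >= 5.0.12 stacked queries (comment)

This information describes in detail the nature of the vulnerability, its scope of impact, and how to reproduce and exploit it.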