From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. **Vulnerability title**: SourceCodester Simple Forum Website 1.0 SQL Injection
2. **Vulnerability description**:
   - SQL Injection vulnerability was discovered in Sourcecodester's Sentiment Based Movie Success Rating Prediction System (user registration)
   - SQL Injection vulnerability was found in the Sentiment Based Movie Success Rating Prediction System of SourceCodester.
3. **Affected version**: 1.0
4. **Related code file**: /msrps/classes/Users.php
5. **Vulnerability details**:
   - The email variable is directly inserted into the SQL query without any escaping or parameterization.
   - An attacker could inject malicious SQL code by manipulating the email field.
   - Line number 135 of Users.php is affected.
6. **Steps to reproduce**:
   1. Install and set up the Movie Rating Application
   2. Click on Login
   3. Click on the Create a New Account option
   4. Fill in the form, intercept the POST request in Burp, and copy the request
   5. Store this request in a .txt file, e.g. register_req.txt
   6. Run sqlmap
   7. Observe the SQL injection
7. **Submission information**:
   - Source: https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-SQLi-Sentiment-Based-Moive-Rating.md
   - User: guru (ID 74056)
   - Submission Date: 08/29/2024 11:50 AM (2 days ago)
   - Moderation Date: 08/30/2024 09:50 AM (22 hours later)

This information describes in detail the nature of the vulnerability, the affected system, the reproduction steps, and the submission and moderation times.
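The flaw described in the vulnerability details (the email value placed directly into the SQL text) is shown below beside a parameterized version, as an added example that is not the code from Users.php. The table, column and function names are hypothetical, and an in-memory SQLite database stands in for the application's database so the script runs offline.

```php
<?php
// Added example: hypothetical schema and function names, not taken from Users.php.
// SQLite in memory stands in for the application's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password TEXT)');
$db->exec("INSERT INTO users (email, password) VALUES ('alice@example.com', 'x')");

// Pattern described in the report: the email value is concatenated into the SQL text.
function emailExistsConcatenated(PDO $db, string $email): bool
{
    $sql = "SELECT COUNT(*) FROM users WHERE email = '" . $email . "'";
    return (int) $db->query($sql)->fetchColumn() > 0;
}

// Hardened form: the value is bound as a parameter and never parsed as SQL.
function emailExistsPrepared(PDO $db, string $email): bool
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    return (int) $stmt->fetchColumn() > 0;
}

function registerUser(PDO $db, string $email, string $password): string
{
    // Format validation is defence in depth; parameter binding is the actual fix.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'invalid email';
    }
    if (emailExistsPrepared($db, $email)) {
        return 'already registered';
    }
    $stmt = $db->prepare('INSERT INTO users (email, password) VALUES (:email, :hash)');
    $stmt->execute([':email' => $email, ':hash' => password_hash($password, PASSWORD_DEFAULT)]);
    return 'created';
}

// Constructed inputs: one ordinary address, one value that alters the concatenated query.
$samples = ['bob@example.com', "nobody@example.com' OR '1'='1"];
foreach ($samples as $email) {
    printf("%-32s concatenated=%s prepared=%s register=%s\n",
        $email,
        var_export(emailExistsConcatenated($db, $email), true),
        var_export(emailExistsPrepared($db, $email), true),
        registerUser($db, $email, 'S3cret!pass'));
}
```

With the second input, the concatenated check reports a match for an address that is not in the table, while the prepared check treats the whole string as a literal value and finds nothing.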