Key information

Vulnerability details
Title: 3 Types of SQLi in 's' param - (Time/Boolean/Error Based) in dolibarr/dolibarr
CVE: CVE-2022-4093
Vulnerability type: SQL Injection (CWE-89)
Severity: High (8.1)
Affected version: 16.0.1
Status: Fixed

Impact
Impact: SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In some cases, an attacker can obtain a persistent backdoor into an organization's systems, leading to a long-term compromise that can go unnoticed for an extended period.

Reporter and fixer
Reporter: Abdelrhman Allam (@sl4x0)
Fixer: Laurent Destailleur (@eldy)

Three types of SQL injection
1. Time-based - Description: Time-based SQL injection forces the database to wait for a specified amount of time before responding.
2. Error-based - Description: Error-based SQL injection relies on error messages thrown by the database server to obtain information about the structure of the database.
3. Boolean-based - Description: Boolean-based SQL injection relies on sending an SQL query to the database that forces the application to return a different result depending on whether the query returns a TRUE or FALSE result.
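As an added example (not part of the report and not Dolibarr's own code), the following Python script triages web-server log lines from the defender's side, sorting requests that carry the `s` parameter into the three injection families described above. The log lines and the signature lists are constructed assumptions for illustration, not payloads from the report.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not from Dolibarr or the report).
# The query strings are illustrative probes of the 's' parameter.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2023:10:00:01 +0000] "GET /index.php?s=invoice HTTP/1.1" 200 512
10.0.0.7 - - [01/Jan/2023:10:00:02 +0000] "GET /index.php?s=x%27+AND+SLEEP%285%29--+ HTTP/1.1" 200 512
10.0.0.7 - - [01/Jan/2023:10:00:03 +0000] "GET /index.php?s=x%27+AND+1%3D1--+ HTTP/1.1" 200 512
10.0.0.7 - - [01/Jan/2023:10:00:04 +0000] "GET /index.php?s=x%27+AND+EXTRACTVALUE%281%2C1%29--+ HTTP/1.1" 500 128
"""

# Signature families for the three injection styles named in the report
# (assumed keyword lists; tune them for your database and application).
# Time-based: functions that delay the query; error-based: functions whose
# error text leaks data; boolean-based: tautology/contradiction comparisons.
SIGNATURES = {
    "time": re.compile(r"\b(SLEEP|BENCHMARK|PG_SLEEP|WAITFOR)\b", re.I),
    "error": re.compile(r"\b(EXTRACTVALUE|UPDATEXML)\s*\(", re.I),
    "boolean": re.compile(r"\b(AND|OR)\s+['\"\d]+\s*=\s*['\"\d]+", re.I),
}
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def classify_value(value):
    """Return the injection family a single parameter value resembles, or None."""
    for family, pattern in SIGNATURES.items():
        if pattern.search(value):
            return family
    return None


def scan_log(text, param="s"):
    """Return (client_ip, family, decoded_value) for each suspicious `param` value."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query  # parse_qs URL-decodes the values
        for value in parse_qs(query, keep_blank_values=True).get(param, []):
            family = classify_value(value)
            if family:
                hits.append((line.split()[0], family, value))
    return hits


def summarize(hits):
    """Count suspected probes per (client_ip, family) for alerting."""
    counts = {}
    for ip, family, _ in hits:
        counts[(ip, family)] = counts.get((ip, family), 0) + 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(scan_log(SAMPLE_LOG)).items():
        print(key, n)
```

The benign search `s=invoice` produces no hit, while the three probes from the second client are each attributed to one family, which is the per-source signal a SOC would escalate on.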