Submit #153544: Food ordering management system - Sql Injection in "Admin account takeover through sql injection"

Title: Food ordering management system - Sql Injection in "Admin account takeover through sql injection"
Description:
# Exploit Title: Food ordering management system - Sql Injection in "Admin account takeover through sql injection"
# Exploit Author: Ritik Dewan
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/15689/food-ordering-management-system-php-and-mysql-free-source-code.html
# Software Link: https://www.sourcecodester.com/php/15689/food-ordering-management-system-php-and-mysql-free-source-code.html
# Tested on: Windows 11, Apache

Description: Admin account takeover through SQL injection
Vulnerable Parameters: username while registering an account
Payload: test' or 1=1#

## Steps To Reproduce
1) Go to register
2) Now in username enter this payload: test' or 1=1#
3) After that, set the password of the user and click on register user
4) Now after registration you will get redirected to the login page
5) Enter this payload test' or 1=1# as username, type the password that you set while registering as user, and log in
6) Booomm, you will go to the admin panel of the food delivery app
Source: https://www.sourcecodester.com/php/15689/food-ordering-management-system-php-and-mysql-free-source-code.html
User: dewanritik (ID 33804)
Submission: 05/08/2023 18:01 (12 months ago)
Moderation: 05/09/2023 14:13 (20 hours later)
Accepted
VulDB Entry: VDB-228396
