Submission #153544: Food ordering management system - Sql Injection in "Admin account takeover through sql injection" Info

Title: Food ordering management system - Sql Injection in "Admin account takeover through sql injection"

Description:

# Exploit Title: Food ordering management system - Sql Injection in "Admin account takeover through sql injection"
# Exploit Author: Ritik Dewan
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/15689/food-ordering-management-system-php-and-mysql-free-source-code.html
# Software Link: https://www.sourcecodester.com/php/15689/food-ordering-management-system-php-and-mysql-free-source-code.html
# Tested on: Windows 11, Apache

Description: Admin account takeover through SQL injection

Vulnerable Parameters: username while registering an account

Payload: test' or 1=1#

## Steps To Reproduce

1) Go to register.
2) Now in username enter this payload: test' or 1=1#
3) After that, set the password of the user and click on register user.
4) Now after registration you will get redirected to the login page.
5) Enter this payload test' or 1=1# as username, type the password that you set while registering as user, and log in.
6) Booomm, you will go to the admin panel of the food delivery app.
Source: ⚠️ https://www.sourcecodester.com/php/15689/food-ordering-management-system-php-and-mysql-free-source-code.html
User: dewanritik (UID 33804)
Submission: 08/05/2023 06:01 PM (3 years ago)
Moderation: 09/05/2023 02:13 PM (20 hours later)
Status: Accepted
VulDB Entry: 228396 [SourceCodester Food Ordering Management System 1.0 Registration username sql injection]
Points: 20
