| عنوان | SourceCodester Online Book Store System 1.0 SQL Injection |
|---|
| الوصف | The Online Book Store System v1.0 is vulnerable to SQL Injection in the administrative authentication functionality.
The application fails to properly sanitize user-supplied input before incorporating it into backend SQL queries. An attacker can exploit this issue by supplying a crafted SQL payload in the username parameter during the login process.
Using the payload:
' OR 1=1-- -
and any arbitrary password, authentication can be bypassed successfully, resulting in unauthorized access to the administrative dashboard.
Successful exploitation allows a remote unauthenticated attacker to obtain administrator-level access, potentially leading to complete compromise of application data, user information, administrative functions, and system integrity.
Affected Component:
Admin Login Page (admin/login.php)
Vulnerability Type:
SQL Injection (Authentication Bypass)
Impact:
* Administrative account takeover
* Unauthorized access to sensitive data
* Data manipulation and deletion
* Full compromise of administrative functionality
Vendor notified: Pending
|
|---|
| المصدر | ⚠️ https://medium.com/@gauravkumar67482/sql-injection-leading-to-authentication-bypass-43b773da1967 |
|---|
| المستخدم | Gaurav kumar (UID 98267) |
|---|
| ارسال | 10/06/2026 11:52 AM (1 شهر منذ) |
|---|
| الاعتدال | 12/07/2026 08:00 PM (1 month later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 377887 [SourceCodester Online Book Store System 1.0 admin/login.php أسم المستخدم حقن SQL] |
|---|
| النقاط | 20 |
|---|