| Title | SQL Injection in Login page News Portal 1.0 |
|---|
| Description | It was possible to run SQL commands on the login page, specifically on the username parameter in deauthenticated mode. As an aggravating factor, it is possible to log into the application using the following payload: `admin' OR '1'='1--`
PoC: https://youtu.be/V62MSWhLGL4
Other information:
https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
https://owasp.org/www-community/attacks/SQL_Injection
|
|---|
| Source | ⚠️ https://www.sourcecodester.com/php/16067/best-online-news-portal-project-php-free-download.html |
|---|
| User | Anonymous User |
|---|
| Submit | 12/02/2023 02:09 AM (3 years ago) |
|---|
| Moderation | 12/02/2023 08:28 AM (6 hours later) |
|---|
| Status | Approved |
|---|
| VulDB Entry | 220644 [SourceCodester Best Online News Portal 1.0 Login Page username SQL injection] |
|---|
| Points | 20 |
|---|