Submit #855010: SourceCodester Online Book Store System 1.0 SQL Injection
| Titel | SourceCodester Online Book Store System 1.0 SQL Injection |
|---|---|
| Beschreibung | The Online Book Store System v1.0 is vulnerable to SQL Injection in the administrative authentication functionality. The application fails to properly sanitize user-supplied input before incorporating it into backend SQL queries. An attacker can exploit this issue by supplying a crafted SQL payload in the username parameter during the login process. Using the payload: ' OR 1=1-- - and any arbitrary password, authentication can be bypassed successfully, resulting in unauthorized access to the administrative dashboard. Successful exploitation allows a remote unauthenticated attacker to obtain administrator-level access, potentially leading to complete compromise of application data, user information, administrative functions, and system integrity. Affected Component: Admin Login Page (admin/login.php) Vulnerability Type: SQL Injection (Authentication Bypass) Impact: * Administrative account takeover * Unauthorized access to sensitive data * Data manipulation and deletion * Full compromise of administrative functionality Vendor notified: Pending |
| Quelle | ⚠️ https:/ |
| Benutzer | Gaurav kumar (UID 98267) |
| Einreichung | 10.06.2026 11:52 (vor 1 Monat) |
| Moderieren | 12.07.2026 20:00 (1 month later) |
| Status | Akzeptiert |
| VulDB Eintrag | 377887 [SourceCodester Online Book Store System 1.0 admin/login.php Benutzername SQL Injection] |
| Punkte | 20 |