| Title | Food ordering management system - SQL Injection in "Admin account takeover through SQL injection" |
|---|
| Description | # Exploit Title: Food ordering management system - SQL Injection in "Admin account takeover through SQL injection"
# Exploit Author: Ritik Dewan
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/15689/food-ordering-management-system-php-and-mysql-free-source-code.html
# Software Link: https://www.sourcecodester.com/php/15689/food-ordering-management-system-php-and-mysql-free-source-code.html
# Tested on: Windows 11, Apache
Description: Admin account takeover through SQL injection
Vulnerable Parameters:
username while registering an account
Payload:
test' or 1=1#
## Steps To Reproduce
1) Go to register
2) Now in username enter this payload test' or 1=1#
3) After that, set the password of the user and click on register user
4) Now after registration you will get redirected to the login page
5) Enter this payload test' or 1=1# as username, type the password that you set while registering as a user, and log in
6) Boom, you will go to the admin panel of the food delivery app
|
|---|
| Source | ⚠️ https://www.sourcecodester.com/php/15689/food-ordering-management-system-php-and-mysql-free-source-code.html |
|---|
| User | dewanritik (UID 33804) |
|---|
| Submission | 2023-05-08 18:01 (3 years ago) |
|---|
| Moderation | 2023-05-09 14:13 (20 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 228396 [SourceCodester Food Ordering Management System 1.0 Registration Username SQL injection] |
|---|
| Points | 20 |
|---|