| Título | SQL Injection in Login page News Portal 1.0 |
|---|
| Descripción | It was possible to run SQL commands on the login page, specifically on the username parameter in deauthenticated mode. As an aggravating factor, it is possible to log into the application using the following payload: admin' OR '1'='1--
PoC: https://youtu.be/V62MSWhLGL4
Other informations:
https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
https://owasp.org/www-community/attacks/SQL_Injection
|
|---|
| Fuente | ⚠️ https://www.sourcecodester.com/php/16067/best-online-news-portal-project-php-free-download.html |
|---|
| Usuario | Anonymous User |
|---|
| Sumisión | 2023-02-12 02:09 (hace 3 años) |
|---|
| Moderación | 2023-02-12 08:28 (6 hours later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 220644 [SourceCodester Best Online News Portal 1.0 Login Page Nombre de usuario inyección SQL] |
|---|
| Puntos | 20 |
|---|