Submit #83540: SourceCodester Online Eyewear Shop SQL Injection
Title | SourceCodester Online Eyewear Shop SQL Injection |
---|---|
Description | The application Online Eyewear Shop is vulnerable to SQL Injection Error-based attacks. The vulnerable parameter is the "id" GET param inside the following requested URL: - http://localhost/oews/?p=products/view_product&id=* The above URL is related to the following source code file: - oews/products/view_product.php The payloads I used to determine whether the application is vulnerable are the followings: - id=7' AND '1'='2 -> The application prints an error alert and kicks me out of the page - id=7' AND '1'='1 -> The application approves the query and shows me the product related to the id equal to 7 |
User | secpconti (ID 40229) |
Submission | 03/02/2023 23:53 (1 Year ago) |
Moderation | 04/02/2023 08:29 (9 hours later) |
Accepted | Accepté |
VulDB Entry | VDB-220195 |