| Title | Food ordering management system - Sql Injection in "Admin account takeover through sql injection" |
|---|
| Description | # Exploit Title: Food ordering management system - Sql Injection in "Admin account takeover through sql injection"
# Exploit Author: Ritik Dewan
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/15689/food-ordering-management-system-php-and-mysql-free-source-code.html
# Software Link: https://www.sourcecodester.com/php/15689/food-ordering-management-system-php-and-mysql-free-source-code.html
# Tested on: Windows 11, Apache
Description: Admin account takeover through SQL injection
Vulnerable Parameters:
username while registering an account
Payload:
test' or 1=1#
## Steps To Reproduce
1) Go to register
2) Now in username enter this payload test' or 1=1#
3) After that set the password of the user and click on register user
4) Now after registration you will get redirected to the login page
5) Enter this payload test' or 1=1# as username & type the password that you set while registering as user and log in
6) Boom, you will go to the admin panel of the food delivery app
|
|---|
| Source | ⚠️ https://www.sourcecodester.com/php/15689/food-ordering-management-system-php-and-mysql-free-source-code.html |
|---|
| User | dewanritik (UID 33804) |
|---|
| Submission | 08/05/2023 18:01 (3 years ago) |
|---|
| Moderation | 09/05/2023 14:13 (20 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 228396 [SourceCodester Food Ordering Management System 1.0 Registration Username sql injection] |
|---|
| Points | 20 |
|---|