| Titre | SourceCodester Online Book Store System 1.0 SQL Injection |
|---|
| Description | The Online Book Store System v1.0 is vulnerable to SQL Injection in the administrative authentication functionality.
The application fails to properly sanitize user-supplied input before incorporating it into backend SQL queries. An attacker can exploit this issue by supplying a crafted SQL payload in the username parameter during the login process.
Using the payload:
' OR 1=1-- -
and any arbitrary password, authentication can be bypassed successfully, resulting in unauthorized access to the administrative dashboard.
Successful exploitation allows a remote unauthenticated attacker to obtain administrator-level access, potentially leading to complete compromise of application data, user information, administrative functions, and system integrity.
Affected Component:
Admin Login Page (admin/login.php)
Vulnerability Type:
SQL Injection (Authentication Bypass)
Impact:
* Administrative account takeover
* Unauthorized access to sensitive data
* Data manipulation and deletion
* Full compromise of administrative functionality
Vendor notified: Pending
|
|---|
| La source | ⚠️ https://medium.com/@gauravkumar67482/sql-injection-leading-to-authentication-bypass-43b773da1967 |
|---|
| Utilisateur | Gaurav kumar (UID 98267) |
|---|
| Soumission | 10/06/2026 11:52 (il y a 1 mois) |
|---|
| Modérer | 12/07/2026 20:00 (1 month later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 377887 [SourceCodester Online Book Store System 1.0 admin/login.php Nom d'utilisateur injection SQL] |
|---|
| Points | 20 |
|---|