| Titre | SQL Injection in Login page News Portal 1.0 |
|---|
| Description | It was possible to run SQL commands on the login page, specifically on the username parameter in deauthenticated mode. As an aggravating factor, it is possible to log into the application using the following payload: admin' OR '1'='1--
PoC: https://youtu.be/V62MSWhLGL4
Other informations:
https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
https://owasp.org/www-community/attacks/SQL_Injection
|
|---|
| La source | ⚠️ https://www.sourcecodester.com/php/16067/best-online-news-portal-project-php-free-download.html |
|---|
| Utilisateur | Anonymous User |
|---|
| Soumission | 12/02/2023 02:09 (il y a 3 ans) |
|---|
| Modérer | 12/02/2023 08:28 (6 hours later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 220644 [SourceCodester Best Online News Portal 1.0 Login Page Nom d'utilisateur injection SQL] |
|---|
| Points | 20 |
|---|