जमा करें #855010: SourceCodester Online Book Store System 1.0 SQL Injectionजानकारी

शीर्षकSourceCodester Online Book Store System 1.0 SQL Injection
विवरणThe Online Book Store System v1.0 is vulnerable to SQL Injection in the administrative authentication functionality. The application fails to properly sanitize user-supplied input before incorporating it into backend SQL queries. An attacker can exploit this issue by supplying a crafted SQL payload in the username parameter during the login process. Using the payload: ' OR 1=1-- - and any arbitrary password, authentication can be bypassed successfully, resulting in unauthorized access to the administrative dashboard. Successful exploitation allows a remote unauthenticated attacker to obtain administrator-level access, potentially leading to complete compromise of application data, user information, administrative functions, and system integrity. Affected Component: Admin Login Page (admin/login.php) Vulnerability Type: SQL Injection (Authentication Bypass) Impact: * Administrative account takeover * Unauthorized access to sensitive data * Data manipulation and deletion * Full compromise of administrative functionality Vendor notified: Pending
स्रोत⚠️ https://medium.com/@gauravkumar67482/sql-injection-leading-to-authentication-bypass-43b773da1967
उपयोगकर्ता
 Gaurav kumar (UID 98267)
सबमिशन10/06/2026 11:52 AM (1 महीना पहले)
संयम12/07/2026 08:00 PM (1 month later)
स्थितिस्वीकृत
VulDB प्रविष्टि377887 [SourceCodester Online Book Store System 1.0 admin/login.php उपयोगकर्ता नाम SQL इंजेक्शन]
अंक20

Do you know our Splunk app?

Download it now for free!