| Title | Food ordering management system - Sql Injection in "Admin account takeover through sql injection" |
|---|
| Description | # Exploit Title: Food ordering management system - Sql Injection in "Admin account takeover through sql injection"
# Exploit Author: Ritik Dewan
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/15689/food-ordering-management-system-php-and-mysql-free-source-code.html
# Software Link: https://www.sourcecodester.com/php/15689/food-ordering-management-system-php-and-mysql-free-source-code.html
# Tested on: Windows 11, Apache
Description: Admin account takeover through SQL injection
Vulnerable Parameters:
username while registering an account
Payload:
test' or 1=1#
## Steps To Reproduce
1) Go to register
2) Now in username enter this payload: test' or 1=1#
3) After that, set the password of the user and click on register user
4) Now after registration you will get redirected to the login page
5) Enter this payload test' or 1=1# as username, type the password that you set while registering as user, and log in
6) Boom, you will get into the admin panel of the food delivery app
|
|---|
| Source | ⚠️ https://www.sourcecodester.com/php/15689/food-ordering-management-system-php-and-mysql-free-source-code.html |
|---|
| User | dewanritik (UID 33804) |
|---|
| Submit | 2023-05-08 18:01 (3 years ago) |
|---|
| Moderation | 2023-05-09 14:13 (20 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 228396 [SourceCodester Food Ordering Management System 1.0 Registration username SQL injection] |
|---|
| Points | 20 |
|---|
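
Mitigation sketch for the registration and login flow reported above. This is an added example, not code from the submission or from the vendor's project: the `users` table, its columns, the function names and the sample accounts are hypothetical, and an in-memory SQLite database stands in for the application's MySQL database so the script runs offline.

```php
<?php
// Added illustration. Table, column and function names are hypothetical,
// not taken from the Food Ordering Management System source.

// Vulnerable pattern: the username is pasted into the SQL text.
function build_login_query_unsafe(string $username, string $passwordHash): string
{
    return "SELECT id, role FROM users WHERE username = '$username' "
         . "AND password = '$passwordHash'";
}

// Hardened pattern: the SQL text is fixed and the username is a bound value.
function find_user_safe(PDO $db, string $username, string $password): ?array
{
    $stmt = $db->prepare('SELECT id, role, password FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return ['id' => (int) $row['id'], 'role' => $row['role']];
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           password TEXT, role TEXT)');
$register = $db->prepare('INSERT INTO users (username, password, role) VALUES (?, ?, ?)');
$register->execute(['admin', password_hash('constructed-admin-pw', PASSWORD_DEFAULT), 'admin']);

$payload = "test' or 1=1#"; // the username value from the report

// In MySQL '#' starts a comment, so the concatenated query loses its
// password test and "or 1=1" makes the WHERE clause true for every row.
echo build_login_query_unsafe($payload, 'x'), PHP_EOL;

// Registering through the prepared INSERT stores the payload as an
// ordinary customer name; it never becomes part of the SQL text.
$register->execute([$payload, password_hash('constructed-user-pw', PASSWORD_DEFAULT), 'customer']);

// Logging in with the same value matches only that customer row.
var_dump(find_user_safe($db, $payload, 'constructed-user-pw'));
// A wrong password is rejected, and no admin row is ever selected.
var_dump(find_user_safe($db, $payload, 'wrong-password'));
```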