| タイトル | yashpokharna2555 restaurent-management-system 1 SQL Injection |
|---|
| 説明 | A vulnerability has been found in yashpokharna2555 restaurent-management-system. The password reset entrypoint `forgotpassword.php` uses the attacker-controlled `email` POST parameter directly in SQL statements without parameterization. Specifically, the application concatenates `$_POST['email']` into both a SELECT query for reset lookup and an UPDATE query for reset token write-back. Dynamic verification confirmed exploitable blind SQL injection, including boolean-based blind and time-based blind techniques. The backend DBMS was identified as MySQL and the current database name `testing` could be retrieved.
|
|---|
| ソース | ⚠️ https://github.com/yashpokharna2555/restaurent-management-system/issues/3 |
|---|
| ユーザー | wr0ld (UID 98487) |
|---|
| 送信 | 2026年05月27日 10:31 (1 月 ago) |
|---|
| モデレーション | 2026年06月27日 20:10 (1 month later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 374493 [yashpokharna2555 restaurent-management-system POST Parameter /forgotpassword.php email SQLインジェクション] |
|---|
| ポイント | 20 |
|---|