| Field | Value |
|---|---|
| Title | SourceCodester Online Eyewear Shop SQL Injection |
| Description | The application Online Eyewear Shop is vulnerable to SQL Injection Error-based attacks.<br>The vulnerable parameter is the "id" GET param inside the following requested URL:<br>- http://localhost/oews/?p=products/view_product&id=*<br>The above URL is related to the following source code file:<br>- oews/products/view_product.php<br>The payloads I used to determine whether the application is vulnerable are the following:<br>- id=7' AND '1'='2 -> The application prints an error alert and kicks me out of the page<br>- id=7' AND '1'='1 -> The application approves the query and shows me the product related to the id equal to 7 |
| User | secpconti (UID 40229) |
| Submission | 2023-02-03 11:53 PM (3 years ago) |
| Moderation | 2023-02-04 08:29 AM (9 hours later) |
| Status | Accepted |
| VulDB Entry | 220195 [SourceCodester Online Eyewear Shop 1.0 view_product.php id SQL injection] |
| Points | 17 |