| 제목 | yashpokharna2555 restaurent-management-system 1 SQL Injection |
|---|
| 설명 | A vulnerability has been found in yashpokharna2555 restaurent-management-system. The password reset entrypoint `forgotpassword.php` uses the attacker-controlled `email` POST parameter directly in SQL statements without parameterization. Specifically, the application concatenates `$_POST['email']` into both a SELECT query for reset lookup and an UPDATE query for reset token write-back. Dynamic verification confirmed exploitable blind SQL injection, including boolean-based blind and time-based blind techniques. The backend DBMS was identified as MySQL and the current database name `testing` could be retrieved.
|
|---|
| 원천 | ⚠️ https://github.com/yashpokharna2555/restaurent-management-system/issues/3 |
|---|
| 사용자 | wr0ld (UID 98487) |
|---|
| 제출 | 2026. 05. 27. AM 10:31 (1 월 ago) |
|---|
| 모더레이션 | 2026. 06. 27. PM 08:10 (1 month later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 374493 [yashpokharna2555 restaurent-management-system POST Parameter /forgotpassword.php email SQL 주입] |
|---|
| 포인트들 | 20 |
|---|