| Title | SQL Injection in Login page News Portal 1.0 |
|---|
| Description | It was possible to run SQL commands on the login page, specifically through the username parameter in unauthenticated mode. As an aggravating factor, it is possible to log into the application using the following payload: `admin' OR '1'='1--`
PoC: https://youtu.be/V62MSWhLGL4
Other information:
https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
https://owasp.org/www-community/attacks/SQL_Injection
|
|---|
| Source | ⚠️ https://www.sourcecodester.com/php/16067/best-online-news-portal-project-php-free-download.html |
|---|
| User | Anonymous User |
|---|
| Submit | 2023-02-12 02:09 AM (3 years ago) |
|---|
| Moderation | 2023-02-12 08:28 AM (6 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 220644 [SourceCodester Best Online News Portal 1.0 Login Page username SQL injection] |
|---|
| Points | 20 |
|---|