| Título | SourceCodester Online Book Store System 1.0 SQL Injection |
|---|
| Descrição | The Online Book Store System v1.0 is vulnerable to SQL Injection in the administrative authentication functionality.
The application fails to properly sanitize user-supplied input before incorporating it into backend SQL queries. An attacker can exploit this issue by supplying a crafted SQL payload in the username parameter during the login process.
Using the payload:
' OR 1=1-- -
and any arbitrary password, authentication can be bypassed successfully, resulting in unauthorized access to the administrative dashboard.
Successful exploitation allows a remote unauthenticated attacker to obtain administrator-level access, potentially leading to complete compromise of application data, user information, administrative functions, and system integrity.
Affected Component:
Admin Login Page (admin/login.php)
Vulnerability Type:
SQL Injection (Authentication Bypass)
Impact:
* Administrative account takeover
* Unauthorized access to sensitive data
* Data manipulation and deletion
* Full compromise of administrative functionality
Vendor notified: Pending
|
|---|
| Fonte | ⚠️ https://medium.com/@gauravkumar67482/sql-injection-leading-to-authentication-bypass-43b773da1967 |
|---|
| Utilizador | Gaurav kumar (UID 98267) |
|---|
| Submissão | 10/06/2026 11h52 (há 1 mês) |
|---|
| Moderação | 12/07/2026 20h00 (1 month later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 377887 [SourceCodester Online Book Store System 1.0 admin/login.php Nome de utilizador Injeção SQL] |
|---|
| Pontos | 20 |
|---|