| Título | SQL Injection in Login page News Portal 1.0 |
|---|
| Descrição | It was possible to run SQL commands on the login page, specifically on the username parameter in deauthenticated mode. As an aggravating factor, it is possible to log into the application using the following payload: admin' OR '1'='1--
PoC: https://youtu.be/V62MSWhLGL4
Other informations:
https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
https://owasp.org/www-community/attacks/SQL_Injection
|
|---|
| Fonte | ⚠️ https://www.sourcecodester.com/php/16067/best-online-news-portal-project-php-free-download.html |
|---|
| Utilizador | Anonymous User |
|---|
| Submissão | 12/02/2023 02h09 (há 3 anos) |
|---|
| Moderação | 12/02/2023 08h28 (6 hours later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 220644 [SourceCodester Best Online News Portal 1.0 Login Page Nome de utilizador Injeção SQL] |
|---|
| Pontos | 20 |
|---|