| Title | Food ordering management system - SQL Injection in "Admin account takeover through sql injection" |
|---|
| Description | # Exploit Title: Food ordering management system - SQL Injection in "Admin account takeover through sql injection"
# Exploit Author: Ritik Dewan
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/15689/food-ordering-management-system-php-and-mysql-free-source-code.html
# Software Link: https://www.sourcecodester.com/php/15689/food-ordering-management-system-php-and-mysql-free-source-code.html
# Tested on: Windows 11, Apache
Description: Admin account takeover through SQL injection
Vulnerable Parameters:
username while registering an account
Payload:
test' or 1=1#
## Steps To Reproduce
1) Go to register
2) Now in username enter this payload test' or 1=1#
3) After that, set the password of the user and click on register user
4) Now after registration you will get redirected to the login page
5) Enter this payload test' or 1=1# as username, type the password that you set while registering as user, and log in
6) Booomm, you will go to the admin panel of the food delivery app
|
|---|
| Source | https://www.sourcecodester.com/php/15689/food-ordering-management-system-php-and-mysql-free-source-code.html |
|---|
| User | dewanritik (UID 33804) |
|---|
| Submission | 08.05.2023 18:01 (3 years ago) |
|---|
| Moderation | 09.05.2023 14:13 (20 hours later) |
|---|
| Status | accepted |
|---|
| VulDB entry | 228396 [SourceCodester Food Ordering Management System 1.0 Registration Username SQL Injection] |
|---|
| Points | 20 |
|---|