| Title | SourceCodester News Portal 1.0 SQL Injection |
|---|
| Description | A SQL injection vulnerability was discovered in Sourcecodester's 101+ News Station (News Portal) Comment Section **name** parameter was vulnerable with blind time based SQL injection
Product: https://www.sourcecodester.com/php/16067/best-online-news-portal-project-php-free-download.html
Affected Code: /news-details.php
Line : 19
POC:
1. Download and setup the portal
2. visit any post and make a comment by following step
3. add SQLinjection payload
' AND (SELECT 7178 FROM (SELECT(SLEEP(20)))MFQU) AND 'aOrZ'='aOrZ
in username field
4. add any valid email and comment and hit submit
5. Observe the SQLi
|
|---|
| Source | ⚠️ https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-News-Portal-Comment-Blind-SQLi.md |
|---|
| User | guru (UID 74056) |
|---|
| Submission | 09/18/2024 05:28 (2 years ago) |
|---|
| Moderation | 09/19/2024 18:02 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 278164 [SourceCodester Best Online News Portal 1.0 Comment Section /news-details.php Name sql injection] |
|---|
| Points | 20 |
|---|