| Title | SQL Injection in Login page News Portal 1.0 |
|---|
| Description | It was possible to run SQL commands on the login page, specifically on the username parameter in deauthenticated mode. As an aggravating factor, it is possible to log into the application using the following payload: admin' OR '1'='1--
PoC: https://youtu.be/V62MSWhLGL4
Other informations:
https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
https://owasp.org/www-community/attacks/SQL_Injection
|
|---|
| Source | ⚠️ https://www.sourcecodester.com/php/16067/best-online-news-portal-project-php-free-download.html |
|---|
| User | Anonymous User |
|---|
| Submission | 02/12/2023 02:09 (3 years ago) |
|---|
| Moderation | 02/12/2023 08:28 (6 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 220644 [SourceCodester Best Online News Portal 1.0 Login Page Username sql injection] |
|---|
| Points | 20 |
|---|