| tiêu đề | SourceCodester Online Book Store System 1.0 SQL Injection |
|---|
| Mô tả | The Online Book Store System v1.0 is vulnerable to SQL Injection in the administrative authentication functionality.
The application fails to properly sanitize user-supplied input before incorporating it into backend SQL queries. An attacker can exploit this issue by supplying a crafted SQL payload in the username parameter during the login process.
Using the payload:
' OR 1=1-- -
and any arbitrary password, authentication can be bypassed successfully, resulting in unauthorized access to the administrative dashboard.
Successful exploitation allows a remote unauthenticated attacker to obtain administrator-level access, potentially leading to complete compromise of application data, user information, administrative functions, and system integrity.
Affected Component:
Admin Login Page (admin/login.php)
Vulnerability Type:
SQL Injection (Authentication Bypass)
Impact:
* Administrative account takeover
* Unauthorized access to sensitive data
* Data manipulation and deletion
* Full compromise of administrative functionality
Vendor notified: Pending
|
|---|
| Nguồn | ⚠️ https://medium.com/@gauravkumar67482/sql-injection-leading-to-authentication-bypass-43b773da1967 |
|---|
| Người dùng | Gaurav kumar (UID 98267) |
|---|
| Đệ trình | 10/06/2026 11:52 (cách đây 1 tháng) |
|---|
| Kiểm duyệt | 12/07/2026 20:00 (1 month later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 377887 [SourceCodester Online Book Store System 1.0 admin/login.php tên người dùng Tiêm SQL] |
|---|
| điểm | 20 |
|---|