| Kura | SourceCodester News Portal 1.0 SQL Injection |
|---|
| Gaskiya | A SQL injection vulnerability was discovered in Sourcecodester's 101+ News Station (News Portal) Comment Section **name** parameter was vulnerable with blind time based SQL injection
Product: https://www.sourcecodester.com/php/16067/best-online-news-portal-project-php-free-download.html
Affected Code: /news-details.php
Line : 19
POC:
1. Download and setup the portal
2. visit any post and make a comment by following step
3. add SQLinjection payload
' AND (SELECT 7178 FROM (SELECT(SLEEP(20)))MFQU) AND 'aOrZ'='aOrZ
in username field
4. add any valid email and comment and hit submit
5. Observe the SQLi
|
|---|
| Manga | ⚠️ https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-News-Portal-Comment-Blind-SQLi.md |
|---|
| Màdùmga | guru (UID 74056) |
|---|
| Furta | 09/18/2024 05:28 (1 Shettima 전) |
|---|
| Gargajiya | 09/19/2024 18:02 (2 days later) |
|---|
| Halitta | Shingilam |
|---|
| VulDB gite | 278164 [SourceCodester Best Online News Portal 1.0 Comment Section /news-details.php Sunu SQL Injection] |
|---|
| Nganji | 20 |
|---|