| Title | SourceCodester News Portal 1.0 SQL Injection |
|---|
| Description | A SQL injection vulnerability was discovered in Sourcecodester's 101+ News Station (News Portal). The comment section's **name** parameter is vulnerable to time-based blind SQL injection.
Product: https://www.sourcecodester.com/php/16067/best-online-news-portal-project-php-free-download.html
Affected Code: /news-details.php
Line: 19
PoC:
1. Download and set up the portal.
2. Visit any post and make a comment using the following steps.
3. Add the SQL injection payload
`' AND (SELECT 7178 FROM (SELECT(SLEEP(20)))MFQU) AND 'aOrZ'='aOrZ`
in the username field.
4. Add any valid email and comment, then hit submit.
5. Observe the SQLi.
|
|---|
| Source | https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-News-Portal-Comment-Blind-SQLi.md |
|---|
| User | guru (UID 74056) |
|---|
| Submission | 09/18/2024 05:28 AM (1 year ago) |
|---|
| Moderation | 09/19/2024 06:02 PM (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 278164 [SourceCodester Best Online News Portal 1.0 Comment Section /news-details.php name SQL injection] |
|---|
| Points | 20 |
|---|