Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-30092: GitHub - nawed20002/CVE-2023-30092

SourceCodester Online Pizza Ordering System v1.0 is vulnerable to SQL Injection via the QTY parameter.

CVE
Open in Source
#sql#vulnerability#web#dos#git#php#auth

CVE-2023-30092****All Details about CVE-2023-30092

Software: Online Pizza Ordering System 1.0

Software Link: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html

Vulnerability Type: SQL Injection

Affected Component: QTY Parameter

Impact Denial of Service: True

Impact Code execution : True

Attack Type: Remote

Vendor of Product: Sourcecodester

Description:

SQL injection (SQLi) is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. The vulnerability exists in Sourcecodester Online Pizza Ordering System 1.0 in QTY parameter found during updating the cart in AJAX.php endpoint.

The Affected URL where the vulnerable parameter can be found : http://HOST/php-opos/admin/ajax.php?action=update_cart_qty

Impact: SQL injection attack can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information

Vulnerability Description:

The QTY parameter is vulnerable to SQL injection, which allows an attacker to modify the behavior of the application and access data they should not be able to. By submitting a specially crafted payload containing SQL statements, we were able to generate an SQL error message. This indicates that the application is vulnerable to SQL injection attacks.

Reproduction/ exploit Steps: To reproduce this vulnerability:

  1. Navigate to the Online Pizza Ordering System application.

  2. Add a few items to the cart.

  3. Update the cart by updating the QTY of of item.

  1. Intercept the HTTP request send it to the repeater and then add single Quote (`) to get the sql error in response from server

  2. An SQL error message is displayed, indicating that the application is vulnerable to SQL injection.

  3. Insert the mentioned payload in QTY parameter on the above request to confirm that the application is vulnerable to SQL injection.

Payload : (CASE WHEN (9603=9603) THEN SLEEP(5) ELSE 9603 END)

  1. To exploit it further, send the above request to SQLmap to exploit database.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE