nawed20002/CVE-2023-30092
CVE-2023-30092

All Details about CVE-2023-30092

Software: Online Pizza Ordering System 1.0

Software Link: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html

Vulnerability Type: SQL Injection

Affected Component: QTY Parameter

Impact (Denial of Service): True

Impact (Code Execution): True

Attack Type: Remote

Vendor of Product: Sourcecodester

Description:

SQL injection (SQLi) is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. The vulnerability exists in Sourcecodester Online Pizza Ordering System 1.0 in the QTY parameter of the ajax.php endpoint, reached when updating the cart.

Affected URL where the vulnerable parameter can be found: http://HOST/php-opos/admin/ajax.php?action=update_cart_qty

Impact: A SQL injection attack can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information.

Vulnerability Description:

The QTY parameter is vulnerable to SQL injection, which allows an attacker to modify the behavior of the application and access data they should not be able to. By submitting a specially crafted payload containing SQL statements, we were able to generate an SQL error message. This indicates that the application is vulnerable to SQL injection attacks.

Reproduction / Exploit Steps: To reproduce this vulnerability:

  1. Navigate to the Online Pizza Ordering System application.

  2. Add a few items to the cart.

  3. Update the cart by changing the QTY of an item.

  4. Intercept the HTTP request, send it to the repeater, and add a single quote (') to the QTY value to get the SQL error in the response from the server.

  5. An SQL error message is displayed, indicating that the application is vulnerable to SQL injection.

  6. Insert the payload below in the QTY parameter of the above request to confirm that the application is vulnerable to SQL injection.

Payload: (CASE WHEN (9603=9603) THEN SLEEP(11) ELSE 9603 END)
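As an added illustration (not the project's own ajax.php, which this report does not reproduce), here is a hypothetical update_cart_qty handler written the unsafe way the report describes, beside a hardened version. The table name cart_list, the field names, and a PDO connection configured with ERRMODE_EXCEPTION are assumptions. The hardened handler validates the quantity as a small positive integer and binds it as a typed parameter, so neither a stray quote nor the CASE/SLEEP expression above is ever parsed as SQL.

```php
<?php
// Hypothetical handler for action=update_cart_qty (illustration only).

// UNSAFE: the qty value is pasted into the query text. A quote breaks the
// syntax (the SQL error the report observed) and an expression such as
// CASE ... SLEEP(11) ... END is evaluated by the database inside the UPDATE.
function update_cart_qty_unsafe(mysqli $db, array $post): bool
{
    $qty = $post['qty'];   // attacker-controlled string, used verbatim
    $id  = $post['id'];
    $sql = "UPDATE cart_list SET quantity = {$qty} WHERE id = {$id}";
    // Driver error text returned here is what leaks to the client in step 5.
    return $db->query($sql) !== false;
}

// HARDENED: reject anything that is not a bounded positive integer, then bind
// both values as typed parameters so they cannot change the query structure.
function update_cart_qty_safe(PDO $db, array $post): array
{
    $qty = filter_var($post['qty'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 100]]);
    $id  = filter_var($post['id'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($qty === false || $id === false) {
        // The report's payload and a lone quote both stop here with a 400.
        http_response_code(400);
        return ['status' => 'error', 'msg' => 'Invalid quantity or item id'];
    }
    $stmt = $db->prepare('UPDATE cart_list SET quantity = :qty WHERE id = :id');
    $stmt->bindValue(':qty', $qty, PDO::PARAM_INT);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    try {
        $stmt->execute();
    } catch (PDOException $e) {
        // Keep the driver message server-side; never echo it to the browser.
        error_log('update_cart_qty failed: ' . $e->getMessage());
        http_response_code(500);
        return ['status' => 'error', 'msg' => 'Could not update cart'];
    }
    return ['status' => 'ok', 'rows' => $stmt->rowCount()];
}
```

The hardened version also removes the error-based signal used in step 4: a malformed value never reaches the database, and a genuine driver failure is logged rather than returned in the response body.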
