Skip to content
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
CVE-nu11secur1ty/vendors/janobe/CVE-nu11-12-09162021/
CVE-nu11secur1ty/vendors/janobe/CVE-nu11-12-09162021/

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 

CVE-nu11-12-09162021

Description:

The South Gate Inn Online Reservation System © South Gate Inn is vulnerable to remote SQL-Injection-Bypass-Authentication for the admin account and XSS-Stored PWNED. remote SQL-Injection-Bypass-Authentication: https://portswigger.net/support/using-sql-injection-to-bypass-authentication. The parameters (email and Password) from the login form are not protected correctly and there is no security and escaping from malicious payloads. When the user will sending a malicious query or malicious payload to the MySQL server for login to the admin account on the system, he can bypass the login credentials and take control of this account. And the second time he can access the admin account and adding a payload by using the XSS-Stored technique which can break the MySQL server.

Reproduce:

href

Proof:

href