Online Book Store 1.0 - 'id' SQL Injection

vendor:

Online Book Store

by:

Moaaz Taha (0xStorm)

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Online Book Store

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: NO

Related CWE: N/A

CPE: a:sourcecodester:online_book_store:1.0

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10 Pro 1909 (x64_86) + XAMPP 3.2.4

2020

Online Book Store 1.0 – ‘id’ SQL Injection

This parameter 'id' is vulnerable to Union-Based blind SQL injection in this path '/online%20book%20store/detail.php?id=44' that leads to retrieve all databases.

Mitigation:

Input validation, parameterized queries, and stored procedures can help mitigate SQL injection attacks.

Source

Online Book Store 1.0 – ‘id’ SQL Injection

Mitigation:

Exploit-DB raw data: