Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-30092 PoC — Online Pizza Ordering System SQL注入漏洞

Source
https://github.com/nawed20002/CVE-2023-30092
Associated Vulnerability
Title:Online Pizza Ordering System SQL注入漏洞 (CVE-2023-30092)
Description:Online Pizza Ordering System是Carlo Montero个人开发者的一个在线比萨订购系统。 Online Pizza Ordering System v1.0版本存在安全漏洞,该漏洞源于通过QTY参数发现包含SQL注入攻击。
Readme
# CVE-2023-30092

# All Details about CVE-2023-30092

Software: Online Pizza Ordering System 1.0

Software Link: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html

Vulnerability Type: SQL Injection

Affected Component: QTY Parameter

Impact Denial of Service: True

Impact Code execution : True

Attack Type: Remote

Vendor of Product: Sourcecodester


# Description:

SQL injection (SQLi) is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve.  The vulnerability exists in Sourcecodester Online Pizza Ordering System 1.0 in QTY parameter found during updating the cart in AJAX.php endpoint.

The Affected URL where the vulnerable parameter can be found : http://HOST/php-opos/admin/ajax.php?action=update_cart_qty

Impact: SQL injection attack can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information

# Vulnerability Description:
The QTY parameter is vulnerable to SQL injection, which allows an attacker to modify the behavior of the application and access data they should not be able to. By submitting a specially crafted payload containing SQL statements, we were able to generate an SQL error message. This indicates that the application is vulnerable to SQL injection attacks.

Reproduction/ exploit Steps:
To reproduce this vulnerability:
1) Navigate to the Online Pizza Ordering System application.

2) Add a few items to the cart.

3)  Update the cart by updating the QTY of of item.

![1](https://user-images.githubusercontent.com/98532470/236751734-2fd065fb-bac4-4aa3-94a4-7f5a1ec6279b.png)

4) Intercept the HTTP request send it to the repeater and then add single Quote (`) to get the sql error in response from server

![2](https://user-images.githubusercontent.com/98532470/236752114-c966fdc0-5889-4b95-996f-a794242db01a.png)

5) An SQL error message is displayed, indicating that the application is vulnerable to SQL injection.

6) Insert the mentioned payload in QTY parameter on the above request to confirm that the application is vulnerable to SQL injection.

Payload : (CASE WHEN (9603=9603) THEN SLEEP(11) ELSE 9603 END)

![3 Payload](https://user-images.githubusercontent.com/98532470/236752867-c8a3dd79-f728-4f43-9c1f-25258d8e965a.png)
File Snapshot

 [4.0K]  /data/pocs/752dfeeeedfee35314720e1e20402e5071028497
└── [2.4K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.