kdrypr
/ gist:999a245abb4511d43e41df1ccdbcf0cb
Created
November 25, 2020 15:02
Online-food-ordering-system SQL Injection Vulnerability
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| They include all external parameters directly in the sql query. | |
| For example-1: | |
| https://github.com/tourist5/Online-food-ordering-system/blob/main/all-tickets.php | |
| if(isset($_GET['status'])){ | |
| $status = $_GET['status']; | |
| } | |
| else{ |
kdrypr
/ your-online-shop-xss-poc.txt
Last active
June 10, 2020 22:06
Your Online Shop XSS Vulnerability
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| I found stored XSS vulnerability in userarea Name Surname field. You can exploit with this payload <img src='aa' onerror='javascript:alert(1)' > | |
| write in surname field. | |
| https://i.imgur.com/Pj1A5bE.png | |
| App Link: https://youronlineshop.sourceforge.io/sample/?userarea=1 | |
| Download link: https://sourceforge.net/projects/youronlineshop/ | |
| Version: 1.8.0 |