@kdrypr
Created November 25, 2020 15:02
Online-food-ordering-system SQL Injection Vulnerability
The application inserts external (request) parameters directly into its SQL query strings without parameterization or validation.
Example 1:
https://github.com/tourist5/Online-food-ordering-system/blob/main/all-tickets.php
if (isset($_GET['status'])) {
    $status = $_GET['status'];
} else {
    $status = '%';
}
$sql = mysqli_query($con, "SELECT * FROM comments WHERE status LIKE '$status';");
The $status parameter, taken straight from the query string, is injectable because it is interpolated into the SQL string.
Example 2:
https://github.com/tourist5/Online-food-ordering-system/blob/main/view-ticket.php
The $id parameter in this file is injectable in the same way.
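The fix for both files is the same: pass user input as a bound parameter instead of building the query string. The following is an added example rewriting the all-tickets.php query with a mysqli prepared statement; it is not the project's own code, and it assumes $con is an open mysqli connection (as in the original file) and that the mysqlnd driver is available for get_result().

```php
<?php
// Added example: hardened version of the all-tickets.php query.
// Assumes $con is an open mysqli connection, as in the original file.
function fetchCommentsByStatus(mysqli $con, ?string $status): array
{
    // Keep the original behaviour: no status given means "match any".
    // The wildcard is still data, not query text.
    $status = $status ?? '%';

    // The placeholder (?) is the only way user input reaches the query,
    // so a quote or semicolon in $status cannot change the statement.
    $stmt = $con->prepare("SELECT * FROM comments WHERE status LIKE ?");
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $con->error);
    }
    $stmt->bind_param('s', $status);
    $stmt->execute();
    // get_result() requires mysqlnd (assumption noted in the lead-in).
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Handler side. The vulnerable original was:
//   mysqli_query($con, "SELECT * FROM comments WHERE status LIKE '$status';");
$rows = fetchCommentsByStatus($con, $_GET['status'] ?? null);
```

The same pattern applies to the $id parameter in view-ticket.php; if the application only ever uses a fixed set of status values, checking $status against that allowlist before the query is an additional defence, but binding the parameter is what removes the injection.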