Online-Catering-Reservation-DT Food Catering (by: oretnom23 ) v1.0 SQL injection - login

2021-08-24T00:00:00
ID AKB:7DD22E12-DC79-418F-A67E-DEBC167DBDBE
Type attackerkb
Reporter AttackerKB
Modified 2021-08-24T00:00:00

Description

The Online-Catering-Reservation-DT Food-Catering(by: oretnom23)v1.0 is vulnerable
in the application /catering/classes/Login.php which is redirected from /catering/dist/js/script.js app.
The SQL injection can be deployed by using the username vulnerable parameter on /catering/admin/login.php.
The parameter is not protected correctly, and there is no security escaping correctly to the MySQL query on /catering/classes/Login.php
when the user is sending fake information or malicious query payload to the database.

Recent assessments:

nu11secur1ty at August 24, 2021 10:27am UTC reported:

Description:

The Online-Catering-Reservation-DT Food-Catering(by: oretnom23)v1.0 is vulnerable
in the application /catering/classes/Login.php which is called from /catering/dist/js/script.js app.
The parameter (username) from the login form is not protected correctly and there is no security and escaping from malicious payloads.
When the user is sending a request to the MySQL server he can bypass the login credentials and take control of the administer account.

More:

<https://www.nu11secur1ty.com/2021/08/online-catering-reservation-dt-sql.html>

More:

<https://github.com/nu11secur1ty/CVE-mitre/tree/main/Online-Catering-Reservation-DT-Food-Catering>

  • and on the owner of the exploit, on the home page:
    <https://www.nu11secur1ty.com/2021/08/online-catering-reservation-dt-sql.html>

Simple proof and simple fix but not strong! =)

<https://streamable.com/7qfnkl>

BR

Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 5