Code-Projects Jonnys Liquor SQL Injection Vulnerability in GET Parameter Handler
Vulnerability
A SQL injection vulnerability has been identified in Code-Projects Jonnys Liquor version 1.0. The issue arises in the file '/detail.php', where the 'Product' GET parameter is manipulated, leading to unauthorized database access. This vulnerability allows remote exploitation without authentication.
Impact
Exploitation of this vulnerability could result in unauthorized access to the database, allowing attackers to leak, modify, or delete sensitive information such as user data, passwords, and payment details. Additionally, this could lead to a full system compromise or a denial-of-service condition.
Reproduction
The vulnerability can be reproduced by sending a crafted GET request to '/detail.php' with the 'product' parameter. Various payloads can be used to exploit the SQL injection, including boolean-based blind, error-based, time-based blind, and UNION query injections. Tools like sqlmap can automate the exploitation process.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.