
Article Details SQL Injection Vulnerability in OopsSec Store

An article details the exploitation of a SQL injection vulnerability in the order filtering function of the OopsSec Store. The flaw allows an attacker to extract the entire contents of the user table, including email addresses, passwords, and roles. The application is written in Node.js and runs at http://localhost:3000. The vulnerability sits in the /api/orders/search endpoint, where the status parameter is concatenated directly into a SQL query without adequate sanitization. The exploitation consists of intercepting a POST request to that endpoint and injecting a UNION-based SQL payload into the status parameter to retrieve user data. The response contains a confirmation flag: OSS{sql_1nj3ct10n_vuln3r4b1l1ty}. The recommended fix is to use parameterized queries or an ORM such as Prisma so that user input is never spliced into the SQL text.