CVE-2021-36624

Vulnerable PHP code and logic: ExLogin.php

<?php
// Start the session
session_start();


include '../config/config.php';
include '../config/config1.php';
include '../config/connect.php';

 $UName = ($_POST["Username"]);
 $PW = ($_POST["Password"]);
 $PassWord=0;
 $UserName=0;
$quer= mysqli_query($conn,"SELECT * FROM user where username='$UName' AND passwourd='$PW'");
while($ss = mysqli_fetch_array($quer))
	{
	$UserName=$ss['username'];
	$PassWord=$ss['passwourd'];
	$userid=$ss['userid'];
	$name=$ss['name'];
	$profilepicture=$ss['profilepicture'];
	$IDBranch=$ss['IDBranch'];
	$role=$ss['role'];
	}

if($PassWord!=$PW || $UserName!=$UName ){
echo "<script>alert('Incorrect UserName or Password')</script>";
echo "<script>location.href='../index.php'</script>";
}
else
{
$_SESSION["Id"]=$userid;
$_SESSION["name"]=$name;
$_SESSION["profilepicture"]=$profilepicture;
$_SESSION["IDBranch"]=$IDBranch;
$_SESSION["role"]=$role;

?>

<!--<script>
var person = prompt("Please enter your name", "Harry Potter");
if (person != null) {
    document.getElementById("demo").innerHTML =
    "Hello " + person + "! How are you today?";
}
</script>-->
<script>location.href='../dashboard.php'</script>"; -->	

<?php } ?>

Description:

Sourcecodester Phone Shop Sales Managements System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
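
The same login check with the injection removed, as an added example (not code from the original page or from the Sourcecodester project). It assumes `connect.php` still supplies the mysqli handle `$conn` and that the `passwourd` column has been migrated to `password_hash()` values; the input validation and redirects are illustrative choices.

```php
<?php
// Added example: hardened rewrite of the ExLogin.php logic shown above.
// Assumptions: connect.php provides the mysqli handle $conn, and the
// `passwourd` column now stores password_hash() output, not plaintext.
session_start();

include '../config/config.php';
include '../config/config1.php';
include '../config/connect.php';

// Fail closed on anything that is not a non-empty string (e.g. Username[]=x).
$uname = $_POST['Username'] ?? null;
$pw    = $_POST['Password'] ?? null;
if (!is_string($uname) || !is_string($pw) || $uname === '' || $pw === '') {
    header('Location: ../index.php');
    exit;
}

// Bound parameter: the username travels as data and is never parsed as SQL.
$stmt = mysqli_prepare(
    $conn,
    'SELECT userid, name, profilepicture, IDBranch, role, passwourd
       FROM user WHERE username = ? LIMIT 1'
);
if ($stmt === false) {
    http_response_code(500);
    exit;
}
mysqli_stmt_bind_param($stmt, 's', $uname);
mysqli_stmt_execute($stmt);
$res = mysqli_stmt_get_result($stmt);
$row = $res ? mysqli_fetch_assoc($res) : null;
mysqli_stmt_close($stmt);

// Reject unless a row was found AND the password verifies against its hash.
// No integer defaults or loose != comparisons decide the outcome.
if (!is_array($row) || !password_verify($pw, $row['passwourd'])) {
    header('Location: ../index.php');
    exit;
}

session_regenerate_id(true); // issue a fresh session ID after authentication
$_SESSION['Id']             = $row['userid'];
$_SESSION['name']           = $row['name'];
$_SESSION['profilepicture'] = $row['profilepicture'];
$_SESSION['IDBranch']       = $row['IDBranch'];
$_SESSION['role']           = $row['role'];
header('Location: ../dashboard.php');
exit;
```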


Reproduce:

href

Proof:

href

BR nu11secur1ty