Skip to content
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
CVE-mitre/CVE-2021-38840/
CVE-mitre/CVE-2021-38840/

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 

CVE-2021-38840

Vendor

Software

Description:

The Water Refilling System - PHP (by: oretnom23 ) v1.0 is vulnerable to remote SQL-Injection-Bypass-Authentication + XSS-Stored Hijacking PHPSESSID

  • m0re info: https://portswigger.net/support/using-sql-injection-to-bypass-authentication. The parameter (username) from the login form is not protected correctly and there is no security and escaping from malicious payloads. When the user will sending a malicious query or malicious payload to the MySQL server he can bypass the login credentials and take control of the administer account.
  1. XSS - Stored PHPSESSID Vulnerable
  • The vulnerable XSS app: is "maintenance", parameters: "name" After the successful SQL injection, the malicious user can be storing an XSS payload whit who can take the active PHPSESSID session.
  1. remote PHPSESSID - Injection
  • After the successful XSS attack the malicious user can take control of the administrative account of the system from everywhere by using the PHPSESSID, and then he can make a lot of bad things!

CONCLUSION: This vendor must STOP creating all these broken projects and vulnerable software programs, probably he is not a developer!

BR

  • [+] @nu11secur1ty System Administrator - Infrastructure and Penetration Testing Engineer

Reproduce:

href

Proof:

href

BR nu11secur1ty