Employee-Record-Management-System-SQL-Injection-Bypass-Authentication

Description:

  • SQL injection authentication bypass in PHPGURUKUL Employee Record Management System 1.2.

SQL injection authentication bypass vulnerabilities were found in PHPGURUKUL Employee Record Management System 1.2. An attacker can log in as an admin account of this system and can destroy, change or manipulate all sensitive information on this system.

  • Vulnerable parameters (app: index.php):
      username
      Password

Vulnerable piece of code in index.php:

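<?php
session_start();
include('includes/dbconnection.php');

if(isset($_POST['login']))
  {
    // Both POST values are taken as-is, with no validation or escaping.
    $uname=$_POST['username'];
    $Password=$_POST['Password'];
    // Vulnerable: user input is concatenated directly into the SQL string.
    $query=mysqli_query($con,"select ID from tbladmin where  AdminuserName='$uname' && Password='$Password' ");
    $ret=mysqli_fetch_array($query);
    // Any returned row is treated as a successful admin login.
    if($ret>0){
      $_SESSION['aid']=$ret['ID'];
      header('location:welcome.php');
    }
    else{
      echo "Invalid Details";
    }
  }
?>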

The fix:

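One way to close this hole, shown as an added example and not the project's own fix: the same login handler rewritten with mysqli prepared statements, so `username` and `Password` are bound as data and never become part of the SQL text. It assumes `includes/dbconnection.php` provides the `$con` mysqli handle as in the code above, and it leaves the password storage scheme unchanged.

```php
<?php
// Added example: hardened login handler for index.php (not the project's own fix).
// Assumes includes/dbconnection.php defines the mysqli handle $con, as in the original.
session_start();
include('includes/dbconnection.php');

if (isset($_POST['login'])) {
    // Accept only string values; array-valued POST fields become empty strings.
    $uname    = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $password = is_string($_POST['Password'] ?? null) ? $_POST['Password'] : '';

    // Placeholders keep the SQL text fixed; user input is sent separately as data,
    // so quotes or SQL keywords in either field cannot change the query structure.
    $stmt = mysqli_prepare(
        $con,
        'SELECT ID FROM tbladmin WHERE AdminuserName = ? AND Password = ? LIMIT 1'
    );
    if ($stmt === false) {
        // Log the detail server-side; show the client nothing about the database.
        error_log('login: prepare failed: ' . mysqli_error($con));
        http_response_code(500);
        exit('Internal error');
    }

    // The password comparison is kept as in the original query.
    mysqli_stmt_bind_param($stmt, 'ss', $uname, $password);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $adminId);
    $found = mysqli_stmt_fetch($stmt);   // true = row, null = no row, false = error
    mysqli_stmt_close($stmt);

    if ($found === true) {
        session_regenerate_id(true);     // issue a new session ID after authentication
        $_SESSION['aid'] = $adminId;
        header('Location: welcome.php');
        exit;                            // stop executing after the redirect
    }
    echo 'Invalid Details';
}
?>
```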

Reference:

href

Reproduce:

href

Proof and Exploit: