keerti1924 publicly exposed password hashes.md

Vulnerability Details

Credits:

Reigz Macolor (https://github.com/reigz/)

Tested On:

PHP-MYSQL-User-Login-System 1.0

Affected Version:

keerti1924/PHP-MYSQL-User-Login-System 1.0

Affected Site Page:

/login.php

Affected Code:

https://github.com/keerti1924/PHP-MYSQL-User-Login-System/blob/main/login.sql

Related CWE:

CWE-540: Inclusion of Sensitive Information in Source Code

Details:

The SQL dump published on the project's GitHub page exposes login credentials, including usernames, emails, and passwords (hashes redacted by me for responsible disclosure).

```sql
INSERT INTO `users` (`id`, `username`, `email`, `password`) VALUES
(1, 'Ajay Kumar', 'ajay@gmail.com', '12***'),
(2, 'Amit', 'amit@gmail.com', '12**'),
(3, 'Keerti Panwar', 'keerti@gmail.com', '$2y$10$g******************lDntZ7ZXDD*********'),
(4, 'Ankita', 'ankita@gmail.com', '$2y$10$ZuW****************************pyEyRhtK'),
(5, 'Keerti Panwar', 'keerti1234@gmail.com', '$2y$10$PL6o************************osRIWEh1H.0Zi');
```

Vulnerability Impact:

An attacker can do the following:

  1. Crack the passwords, given that the hashes are publicly visible.
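
As an added example (not part of the original advisory or the affected project), the check below flags this class of exposure in a SQL dump before it is committed: it reports every populated credential column in an `INSERT` statement without echoing the value. The column-name pattern, the labels, and the sample rows are assumptions constructed for illustration.

```python
import re

# Column names treated as credential-bearing (an assumption; extend for your schema).
SENSITIVE = re.compile(r"pass(word|wd)?|pwd|secret|token", re.I)
BCRYPT = re.compile(r"^\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{53}$")
CRYPT_PREFIX = re.compile(r"^\$\w+\$")
# Body capture stops at the first ';', so a ';' inside a string value ends the scan early.
INSERT = re.compile(
    r"INSERT\s+INTO\s+`?(\w+)`?\s*\(([^)]*)\)\s*VALUES\s*(.*?);", re.I | re.S)
ROW = re.compile(r"\(((?:'(?:[^'\\]|\\.|'')*'|[^()'])*)\)")
VALUE = re.compile(r"'((?:[^'\\]|\\.|'')*)'|([^,\s][^,]*)")


def classify(value):
    """Label a stored credential without echoing the value itself."""
    if BCRYPT.match(value):
        return "bcrypt-hash"
    if CRYPT_PREFIX.match(value):
        return "crypt-style-hash"  # includes truncated or redacted hashes
    return "plaintext-or-unknown"


def scan_dump(sql):
    """Return (table, column, row_number, kind) for each populated sensitive column."""
    findings = []
    for table, cols, body in INSERT.findall(sql):
        names = [c.strip(" `\n\t") for c in cols.split(",")]
        watched = [i for i, n in enumerate(names) if SENSITIVE.search(n)]
        for row_no, row in enumerate(ROW.findall(body), start=1):
            values = [q or bare.strip() for q, bare in VALUE.findall(row)]
            for i in watched:
                if i < len(values) and values[i] and values[i].upper() != "NULL":
                    findings.append((table, names[i], row_no, classify(values[i])))
    return findings


# Constructed sample shaped like the dump above; values are placeholders, not real data.
FAKE_HASH = "$2y$10$" + "A" * 53
SAMPLE_DUMP = (
    "INSERT INTO `users` (`id`, `username`, `email`, `password`) VALUES\n"
    "(1, 'user one', 'one@example.com', 'changeme'),\n"
    f"(2, 'user two', 'two@example.com', '{FAKE_HASH}');\n"
)

if __name__ == "__main__":
    for table, column, row_no, kind in scan_dump(SAMPLE_DUMP):
        print(f"{table}.{column} row {row_no}: {kind}")
```

Run as a pre-commit or CI step, any finding means the dump should ship schema only, with seed accounts created at install time rather than committed.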