WebDamn User Registration & Login System with User Panel - SQLi Auth Bypass

vendor:

User Management System with PHP & MySQL

by:

Aakash Madaan

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: User Management System with PHP & MySQL

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10

2020

WebDamn User Registration & Login System with User Panel – SQLi Auth Bypass

An attacker can bypass the user login panel with only an email address by using a payload of <email>' OR '1'='1 in both the username and password fields.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

# Exploit Title: WebDamn User Registration & Login System with User Panel - SQLi Auth Bypass
# Date: 18-11-2020
# Exploit Author: Aakash Madaan
# Vendor Homepage: https://webdamn.com/
# Software Link : https://webdamn.com/user-management-system-with-php-mysql/
# Version: N/A (Default)
# Tested on: Windows 10 professional

Steps to reproduce:
1. Open user login page using following URl:
-> http://localhost/login.php <http://localhost/login.html>

2. If attacker get access to valid email address ( leaked data or by any
other means) then he/she can use the email address as follows:
Payload: <email>' OR '1'='1
NOTE: Use the above payload in both username and password fields

3. Server accepts the payload and the attacker is able to bypass the user
login panel with only email address.