إرسال #59418: Blood Bank Management System - SQL Injection "Unauthorized Admin Access"المعلومات

عنوان	Blood Bank Management System - SQL Injection "Unauthorized Admin Access"
الوصف	# Exploit Title: Blood Bank Management System - SQL Injection "Unauthorized Admin Access" # Exploit Author: Madhur Jain # Vendor Name: oretnom23 # Vendor Homepage: https://www.sourcecodester.com/php/14547/blood-bank-management-system-using-phpmysqli-source-code.html # Software Link: https://www.sourcecodester.com/php/14547/blood-bank-management-system-using-phpmysqli-source-code.html # Version: v1.0 # Tested on: Parrot GNU/Linux 4.10, Apache Description:- An SQL injection issue in Blood Bank Management System v.1.0 allows an attacker to login in into admin account. ` Payload used:- admin' or 1=1-- ` Parameter:- Username and Password ` Steps to reproduce:- 1. First go the admin login URL = 'http://localhost/bloodbank/login.php' 2. From there in username and password put the payload Payload: admin' or 1=1-- 3. Now press enter and we get logged in into admin account
المستخدم	Madhur Jain (UID 37979)
ارسال	22/12/2022 05:29 PM (4 سنوات منذ)
الاعتدال	25/12/2022 08:26 PM (3 days later)
الحالة	تمت الموافقة
إدخال VulDB	216773 [SourceCodester Blood Bank Management System 1.0 login.php username/password حقن SQL]
النقاط	17

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!