Enviar #34632: Authentication bypass via SQLiinformación

TítuloAuthentication bypass via SQLi
DescripciónIt is possible to bypass authentication in the COVID-19 Directory application and gain access as the administrator user, resulting in privilege escalation and leaking of PII. I have detailed the steps to reproduce in the advisory link. Step 1) Visit the /admin page Step 2) Use thew following SQLi payload in the 'username' field: admin'or 1=1 or ''=' This gives the attacker admin access.
Fuente⚠️ https://medium.com/@shaunwhorton/authentication-bypass-and-xss-in-covid-19-directory-system-c5a126e156f1
Usuario
 swhorton (UID 26133)
Sumisión2022-04-12 11:19 (hace 4 años)
Moderación2022-04-12 11:45 (26 minutes later)
EstadoAceptado
Entrada de VulDB196882 [NCDC Covid-19 Directory on Vaccination /admin Nombre de usuario inyección SQL]
Puntos19

AnteriorVisión De ConjuntoPróximo

Interested in the pricing of exploits?

See the underground prices here!