| Titolo | Authentication bypass via SQLi |
|---|
| Descrizione | It is possible to bypass authentication in the COVID-19 Directory application and gain access as the administrator user, resulting in privilege escalation and leaking of PII. I have detailed the steps to reproduce in the advisory link.
Step 1) Visit the /admin page
Step 2) Use thew following SQLi payload in the 'username' field: admin'or 1=1 or ''='
This gives the attacker admin access.
|
|---|
| Fonte | ⚠️ https://medium.com/@shaunwhorton/authentication-bypass-and-xss-in-covid-19-directory-system-c5a126e156f1 |
|---|
| Utente | swhorton (UID 26133) |
|---|
| Sottomissione | 12/04/2022 11:19 (4 anni fa) |
|---|
| Moderazione | 12/04/2022 11:45 (26 minutes later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 196882 [NCDC Covid-19 Directory on Vaccination /admin Nome utente iniezione SQL] |
|---|
| Punti | 19 |
|---|