| Title | Microfinance Management System 1.0 - Authentication Bypass (SQL Injection) |
|---|
| Description | # Exploit Title: Microfinance Management System 1.0 - Authentication Bypass (SQL Injection)
# Date: 23/03/2022
# Exploit Author: Mr Empy
# Software Link: https://www.sourcecodester.com/php/14822/microfinance-management-system.html
# Version: 1.0
# Tested on: Linux
Title:
================
Microfinance Management System 1.0 - Authentication Bypass (SQL Injection)
Summary:
================
Microfinance Management System version 1.0 is affected by a vulnerability that allows an attacker to bypass authentication. Due to the lack of SQL sanitization, the attacker is able to gain full access to the victim's account by injecting an SQL query.
Severity Level:
================
7.3 (High)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Product:
================
Microfinance Management System v1.0
Steps to Reproduce:
================
1. Open your browser and go to the login page (http://target.com/mims/login.php).
2. In the username and password fields, enter the payload:
'||1=1# |
|---|
| Source | https://www.sourcecodester.com/php/14822/microfinance-management-system.html |
|---|
| User | mrempy (UID 24379) |
|---|
| Submitted | 2022-03-23 03:47 PM (4 years ago) |
|---|
| Moderation | 2022-03-24 01:23 AM (10 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 195641 [SourceCodester Microfinance Management System 1.0 Login Page /mims/login.php username/password SQL Injection] |
|---|
| Points | 20 |
|---|
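
The root cause named in the Summary, and its fix, as an added example that is not the application's own code or part of the original report. The `users` table, its columns, the shape of the concatenated query and the function names are assumptions; an in-memory SQLite database (requires `pdo_sqlite`) stands in for the application's MySQL database so the script runs offline.

```php
<?php
declare(strict_types=1);

// Constructed demo data. Table and column names are assumptions, not the
// application's real schema.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pass_hash TEXT)');
$ins = $pdo->prepare('INSERT INTO users (username, pass_hash) VALUES (?, ?)');
$ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Vulnerable pattern (assumed shape): input concatenated into the SQL text.
// Built here only to show the resulting statement; it is never executed.
function concatenatedQuery(string $user, string $pass): string
{
    return "SELECT * FROM users WHERE username = '$user' AND password = '$pass'";
}

// Hardened pattern: the username is bound as data, and the password is
// checked in PHP against a stored hash instead of inside the WHERE clause.
function login(PDO $pdo, string $user, string $pass): ?int
{
    $stmt = $pdo->prepare('SELECT id, pass_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['pass_hash'])) {
        return null; // same result for unknown user and wrong password
    }
    return (int) $row['id'];
}

$payload = "'||1=1#"; // the input from step 2 of the report

// On MySQL, || is OR by default and # starts a comment, so the concatenated
// statement reduces to: WHERE username = '' OR 1=1
echo concatenatedQuery($payload, $payload), PHP_EOL;

// Each call prints the authenticated user id, or NULL when login is refused.
var_dump(login($pdo, $payload, $payload));       // payload bound as a literal username
var_dump(login($pdo, 'admin', 'wrong'));         // known user, wrong password
var_dump(login($pdo, 'admin', 'correct horse')); // valid credentials
```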