| Title | PHPGurukul Emergency Ambulance Hiring Portal 1.0 SQL Injection |
|---|
| Description | Bug Description:
A vulnerability has been found in Emergency Ambulance Hiring Portal 1.0 and classified as critical. It has an SQL injection vulnerability in "/admin/forgot-password.php" endpoint. The manipulation of the parameter "username" leads to SQL injection. Remote attackers can leverage this vulnerability to manipulate a web application's SQL query by injecting malicious SQL code. This can lead to unauthorized access to databases, data theft, data manipulation, and other malicious activities.
Steps to Reproduce:
# Exploit Title: Unauthenticated SQL Injection in Forgot Password Page of Emergency Ambulance Hiring Portal
# Date: 28-03-2024
# Exploit Author: dhabaleshwardas
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/emergency-ambulance-hiring-portal-using-php-and-mysql/
# Version: 1.0
# Tested on: firefox/chrome/brave
# CVE:
To exploit the vulnerability:
1- First visit the admin login endpoint http://localhost/eahp/admin/forgot-password.php .
2- Capture the request after entering random "email" and "mobile number" and save it in a file. Then using the below command on SQLmap, we can fetch the databases as "email" parameter is vulnerable to SQL injection.
python sqlmap.py -r request.txt -p username --ignore-code 401 --level 5 --risk 2 --batch --dbs |
|---|
| Source | ⚠️ https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_forgotpasssqli.md |
|---|
| User | dhabaleshwar (ID 58737) |
|---|
| Submission | 2024-03-29 12:03 (2 months ago) |
|---|
| Moderation | 2024-03-29 15:27 (3 hours later) |
|---|
| Status | Przyjęty |
|---|
| VulDB Entry | 258681 |
|---|