| 标题 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 SQL Injection |
|---|
| 描述 | Bug Description:
A vulnerability has been found in Emergency Ambulance Hiring Portal 1.0 and classified as critical. It has an SQL injection vulnerability in "/admin/forgot-password.php" endpoint. The manipulation of the parameter "username" leads to SQL injection. Remote attackers can leverage this vulnerability to manipulate a web application's SQL query by injecting malicious SQL code. This can lead to unauthorized access to databases, data theft, data manipulation, and other malicious activities.
Steps to Reproduce:
# Exploit Title: Unauthenticated SQL Injection in Forgot Password Page of Emergency Ambulance Hiring Portal
# Date: 28-03-2024
# Exploit Author: dhabaleshwardas
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/emergency-ambulance-hiring-portal-using-php-and-mysql/
# Version: 1.0
# Tested on: firefox/chrome/brave
# CVE:
To exploit the vulnerability:
1- First visit the admin login endpoint http://localhost/eahp/admin/forgot-password.php .
2- Capture the request after entering random "email" and "mobile number" and save it in a file. Then using the below command on SQLmap, we can fetch the databases as "email" parameter is vulnerable to SQL injection.
python sqlmap.py -r request.txt -p username --ignore-code 401 --level 5 --risk 2 --batch --dbs |
|---|
| 来源 | ⚠️ https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_forgotpasssqli.md |
|---|
| 用户 | dhabaleshwar (UID 58737) |
|---|
| 提交 | 2024-03-29 12時03分 (2 年前) |
|---|
| 管理 | 2024-03-29 15時27分 (3 hours later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 258681 [PHPGurukul Emergency Ambulance Hiring Portal 1.0 Forgot Password Page forgot-password.php 用户名 SQL注入] |
|---|
| 积分 | 20 |
|---|