| Title | Authentication bypass via SQLi |
|---|---|
| Description | It is possible to bypass authentication in the COVID-19 Directory application and gain access as the administrator user, resulting in privilege escalation and leaking of PII. I have detailed the steps to reproduce in the advisory link.<br>Step 1) Visit the /admin page<br>Step 2) Use the following SQLi payload in the 'username' field: `admin'or 1=1 or ''='`<br>This gives the attacker admin access. |
| Source | https://medium.com/@shaunwhorton/authentication-bypass-and-xss-in-covid-19-directory-system-c5a126e156f1 |
| User | swhorton (UID 26133) |
| Submitted | 2022-04-12 11:19 (4 years ago) |
| Moderated | 2022-04-12 11:45 (26 minutes later) |
| Status | Accepted |
| VulDB Entry | 196882 [NCDC Covid-19 Directory on Vaccination /admin username sql injection] |
| Points | 19 |