Script And Tools | Real Estate Management System 1.0 | SQL Injection Admin Bypass In /admin/

Hi All, 


I am Maloy Roy Orko.


Recently, in my pentest research, I found a Real Estate Management System application by Script And Tools, which is an open source Real Estate Management System.

It is made with PHP, MySQL, and JavaScript.

Curious to explore its functionality, I downloaded it and set it up on my local system.

After fiddling with the source code, I found that it did not have any kind of security against SQL injection in the admin panel /admin/. Anyone can use SQL injection admin bypass payloads and log in to the admin panel!

It can lead to:

  • Malware Distribution
  • Unauthorized Access 
  • Data Breach
  • Web Shell Installation
  • Reputation Damage

The main thing is, if any non-IT person uses this template, he will fall into this vulnerability and his company's reputation can be lost too. That's why I am trying to inform everyone about this.

Title of the Vulnerability: 

Script And Tools | Real Estate Management System 1.0 | SQL Injection Admin Bypass In /admin/

Vulnerability Class: SQL Injection

Product Name: Real Estate Management System

Vendor: https://github.com/scriptandtools/

Vulnerable Product Link: https://github.com/scriptandtools/Real-Estate-website-in-PHP

Technical Details & Description: 

The application source code is written in a way that allows access to /admin/ via SQL injection admin bypass payloads!

Product & Service Introduction: Real Estate Management System

Observation & Exploitation: 

Here, the vulnerable file is:

/admin/


Let's Exploit 🌠🗝️🔐:

Step-1:

First, go to the vulnerable location:

Example:

http://192.168.0.100:8080/reali/admin/


Step-2:

Now use SQL admin bypass payloads like:

' or 1=1 limit 1 -- -+

Use it in both the username and password fields!

The result will be like this:



So, this indicates that /admin/ is vulnerable to SQL injection.
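
The following is an added example, not code from the application or from this post's author: a login check built by string concatenation, the pattern this kind of bypass depends on, beside a parameterized version with hash verification. The `admin` table, its columns, the function names and the sample credentials are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Schema and function names are assumptions, not the project's code.
// In-memory SQLite stands in for MySQL so this runs offline (requires pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Both password columns exist only so each function below can be exercised.
$pdo->exec('CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
            password TEXT, password_hash TEXT)');
$sample = 'constructed-sample-password'; // constructed test value
$seed = $pdo->prepare('INSERT INTO admin (username, password, password_hash) VALUES (?, ?, ?)');
$seed->execute(['admin', $sample, password_hash($sample, PASSWORD_DEFAULT)]);

// Weak pattern: input is pasted into the SQL text, so a quote in the input
// ends the string literal and everything after it is parsed as SQL.
function loginConcatenated(PDO $pdo, string $user, string $pass): bool
{
    $sql = "SELECT id FROM admin WHERE username = '$user' AND password = '$pass'";
    return $pdo->query($sql)->fetch() !== false;
}

// Hardened pattern: the username is a bound parameter (always data, never SQL)
// and the password is checked against the stored hash in PHP, not in the query.
function loginPrepared(PDO $pdo, string $user, string $pass): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM admin WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

$payload = "' or 1=1 limit 1 -- -+"; // the string quoted in Step-2 of this post
$cases = [
    'payload in both fields' => [$payload, $payload],
    'valid credentials'      => ['admin', $sample],
    'wrong password'         => ['admin', 'not-the-password'],
];
foreach ($cases as $label => [$u, $p]) {
    printf("%-24s concatenated=%s prepared=%s\n", $label,
        var_export(loginConcatenated($pdo, $u, $p), true),
        var_export(loginPrepared($pdo, $u, $p), true));
}
```

Running the script prints, for each case, whether the two login functions accept the input, which makes it usable as a regression check after the login code is changed to prepared statements.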


Conclusion:


The main aim of this article is to show that if any non-IT person uses this template, he will fall into this vulnerability and his company's reputation can be lost too. But I also hope that it helps to give you ideas of how combining attacks can make them much more potent.
