FirstBlood-#686 — Sql injection on /vaccination-manager/login.php
This issue was discovered on FirstBlood v2 (issues patched)
On 2021-10-27, newrouge Level 3 reported:
Hey, i found that vaccine-manager login portal is vulnerable to SQLi injection. And bypasses authenticatio and leaks user's PII data.
- Go to /vaccination-manager/login.php
- Enter username as admin or Admin and password
anything' or 1=1 -- true.
Redirected to /portal.php
Along with vaccine portal access, this sql injection can be used to dump all databases on server. Using sqlmap i dumped few tables.
anypassword' or 1=1 -- true
FirstBlood ID: 30
Vulnerability Type: SQL Injection
There is an SQL injection on the vaccination management portal login page which results in the user being able to login as the administrator.