FirstBlood-#686Sql injection on /vaccination-manager/login.php
This issue was discovered on FirstBlood v2 (issues patched)



On 2021-10-27, newrouge Level 3 reported:

Hey, i found that vaccine-manager login portal is vulnerable to SQLi injection. And bypasses authenticatio and leaks user's PII data.

Steps:

  1. Go to /vaccination-manager/login.php
  2. Enter username as admin or Admin and password anything' or 1=1 -- true .
  3. Redirected to /portal.php

Impact:

Along with vaccine portal access, this sql injection can be used to dump all databases on server. Using sqlmap i dumped few tables.

Thank you

newrouge

P1 CRITICAL

Endpoint: /vaccination-manager/login.php

Parameter: password

Payload: anypassword' or 1=1 -- true


FirstBlood ID: 30
Vulnerability Type: SQL Injection

There is an SQL injection on the vaccination management portal login page which results in the user being able to login as the administrator.