FirstBlood-#686 — Sql injection on /vaccination-manager/login.php
This issue was discovered on FirstBlood v2
On 2021-10-27, newrouge Level 3 reported:
Hey, i found that vaccine-manager login portal is vulnerable to SQLi injection. And bypasses authenticatio and leaks user's PII data.
Steps:
- Go to /vaccination-manager/login.php
- Enter username as admin or Admin and password
anything' or 1=1 -- true
.
-
Redirected to /portal.php

Impact:
Along with vaccine portal access, this sql injection can be used to dump all databases on server. Using sqlmap i dumped few tables.


Thank you
newrouge
P1 CRITICAL
Endpoint: /vaccination-manager/login.php
Parameter: password
Payload: anypassword' or 1=1 -- true
FirstBlood ID: 30
Vulnerability Type: SQL Injection
There is an SQL injection on the vaccination management portal login page which results in the user being able to login as the administrator.