FirstBlood-#780 — SQLi on /vaccination-manager/login.php
This issue was discovered on FirstBlood v2
On 2021-10-28, shivam18u Level 3 reported:
I found an SQL Injection vulnerability on
With username as admin and password as xyz', it returns an SQL error.
Further, we can exploit it and log in to the admin account.
password=-7818' OR 5112=5112#
You can see that you are redirected to /vaccination-manager/portal.php and a new cookie has been set.
Thus you can bypass the login and get admin access.
Have a nice day!
FirstBlood ID: 30
Vulnerability Type: SQL Injection
There is an SQL injection on the vaccination management portal login page which results in the user being able to log in as the administrator.
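The defect class behind this report, shown as an added example next to its fix (this is illustrative code, not the FirstBlood application's login.php): a login query built by string concatenation, beside the same query with bound parameters. The table layout, the placeholder passwords and the in-memory SQLite database are assumptions; SQLite uses "--" for line comments where MySQL accepts the "#" seen in the report's payload.

```python
import sqlite3

# Constructed stand-in for the portal's user table; column names and the
# passwords are assumptions, not taken from the FirstBlood application.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-placeholder', 'admin')")
    db.execute("INSERT INTO users VALUES ('nurse', 'another-placeholder', 'staff')")
    return db

def login_vulnerable(db, username, password):
    """The defect class behind the report: user input spliced into the SQL text."""
    sql = (f"SELECT username, role FROM users "
           f"WHERE username='{username}' AND password='{password}'")
    return db.execute(sql).fetchone()

def login_hardened(db, username, password):
    """Same query with bound parameters: the values travel separately from the
    SQL, so quotes and comment markers in the input cannot change its structure."""
    sql = "SELECT username, role FROM users WHERE username=? AND password=?"
    return db.execute(sql, (username, password)).fetchone()

def probe(login, db, username, password):
    """Run one login attempt and report the matched row or the error type.
    An SQL error on a stray quote is the very signal the reporter noticed."""
    try:
        return ("row", login(db, username, password))
    except sqlite3.Error as exc:
        return ("error", type(exc).__name__)

if __name__ == "__main__":
    db = make_db()
    # The report's tautology payload, with SQLite's "--" in place of MySQL's "#".
    bypass = "-7818' OR 5112=5112-- "
    # Stray quote: the concatenated query is malformed, the bound query just fails to match.
    print(probe(login_vulnerable, db, "admin", "xyz'"))   # ('error', 'OperationalError')
    print(probe(login_hardened, db, "admin", "xyz'"))     # ('row', None)
    # Tautology: AND binds tighter than OR, so every row matches and the first (admin) is returned.
    print(probe(login_vulnerable, db, "admin", bypass))   # ('row', ('admin', 'admin'))
    print(probe(login_hardened, db, "admin", bypass))     # ('row', None)
```

The hardened version still returns the admin row for the real password, so the fix changes only how untrusted input reaches the database, not the login logic.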