FirstBlood-#780SQLi on /vaccination-manager/login.php
This issue was discovered on FirstBlood v2



On 2021-10-28, shivam18u Level 3 reported:

Hi Sean,

I found an SQL Injection vulnerability on /vaccination-manager/login.php.

With username as admin and password as xyz', it returns an sql error.

Further we can exploit it and login to admin account.

username=admin and password=-7818' OR 5112=5112#

You can see that you are redirected to /vaccination-manager/portal.php and a new cookie has been set.

Thus you can bypass the login and get admin access.

Have a nice day!

P1 CRITICAL

Endpoint: /vaccination-manager/login.php

Parameter: password

Payload: -7818' OR 5112=5112#


FirstBlood ID: 30
Vulnerability Type: SQL Injection

There is an SQL injection on the vaccination management portal login page which results in the user being able to login as the administrator.