The Covid-19 Contact Tracing System Web App with QR Code Scanning is vulnerable in the application /cts_qr/classes/Login.php from SQL-Injection-Bypass-Authentication m0re info: <https://portswigger.net/support/using-sql-injection-to-bypass-authentication>. The parameter (username) from the login form is not protected correctly and there is no security and escaping from malicious payloads. When the user will sending a malicious query or malicious payload to the MySQL server he can bypass the login credentials and take control of the administer account.
Recent assessments:
nu11secur1ty at August 31, 2021 2:17pm UTC reported:
public function login(){
extract($_POST);
$qry = $this->conn->query("SELECT * from users where username = '$username' and password = md5('$password') ");
if($qry->num_rows > 0){
foreach($qry->fetch_array() as $k => $v){
if(!is_numeric($k) && $k != 'password'){
$this->settings->set_userdata($k,$v);
}
}
public function login(){
extract($_POST);
$qry = $this->conn->query("SELECT * from users where username = ('$username') and password = md5('$password') ");
if($qry->num_rows > 0){
foreach($qry->fetch_array() as $k => $v){
if(!is_numeric($k) && $k != 'password'){
$this->settings->set_userdata($k,$v);
}
}
The Covid-19 Contact Tracing System Web App with QR Code Scanning CTS-QR (by: oretnom23 ) v1.0 is vulnerable in the application /cts_qr/classes/Login.php from SQL-Injection-Bypass-Authentication
m0re info: <https://portswigger.net/support/using-sql-injection-to-bypass-authentication>.
The parameter (username) from the login form is not protected correctly and there is no security and escaping from malicious payloads.
When the user will sending a malicious query or malicious payload to the MySQL server he can bypass the login credentials and take control of the administer account.
* – [+] `The owner is not satisfied with the fact that all his projects are using the same broken MySQL query architecture.` =)
Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 5