SQL Injection - bypass login on B&E Tracker (by: oretnom23 ) v1.0

2021-08-26T00:00:00
ID AKB:EA650AEC-1792-4D2F-9E86-7792E578DF10
Type attackerkb
Reporter AttackerKB
Modified 2021-08-26T00:00:00

Description

The B&E Tracker (by: oretnom23) v1.0 is vulnerable to SQL injection in /expense_budget/classes/Login.php, which is called from the /expense_budget/dist/js/script.js app.
The username parameter from the login form is not protected correctly: it is neither validated nor escaped before reaching the query, so malicious payloads pass through unchanged.
A user who sends a crafted login request that reaches the MySQL server can bypass the login credentials and take control of the administrator account.
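As an added illustration (not the project's code), the unsafe pattern the description refers to, shown next to its parameterized form, in Python with an in-memory sqlite3 table standing in for the application's MySQL users table; the schema, the sha256 stand-in for password hashing and the sample account are constructed assumptions.

```python
import hashlib
import sqlite3

# Constructed stand-in for the application's user table (assumed schema, not
# the project's real one); sqlite3 replaces MySQL so the demo runs offline.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        ("admin", hash_password("correct-horse")),
    )
    return conn

def hash_password(password: str) -> str:
    # Plain sha256 keeps the demo short; a real login should use a slow
    # password hash (bcrypt/argon2). Hashing does not stop the injection.
    return hashlib.sha256(password.encode()).hexdigest()

def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Unsafe pattern: the username from the request is concatenated into the
    # SQL text, so quotes and comment markers inside it rewrite the WHERE
    # clause and the password check can be commented out entirely.
    sql = (
        "SELECT id FROM users WHERE username = '" + username + "' "
        "AND password = '" + hash_password(password) + "'"
    )
    return conn.execute(sql).fetchone() is not None

def login_fixed(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Hardened pattern: bound parameters are sent as data, never parsed as
    # SQL, so the same input is simply an unknown username.
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, hash_password(password))).fetchone()
    return row is not None

def compare(username: str, password: str) -> dict:
    # Runs the same login attempt through both code paths for side-by-side review.
    conn = make_db()
    return {
        "vulnerable": login_vulnerable(conn, username, password),
        "fixed": login_fixed(conn, username, password),
    }
```

Running `compare("admin' -- ", "anything")` shows the concatenated query accepting the attempt while the parameterized one rejects it; both accept the genuine credentials.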

Recent assessments:

nu11secur1ty at August 25, 2021 9:43am UTC reported:

Description:

The B&E Tracker (by: oretnom23) v1.0 is vulnerable
in the application /expense_budget/classes/Login.php, which is called from the /expense_budget/dist/js/script.js app.
The parameter (username) from the login form is not protected correctly, and there is no security or escaping from malicious payloads.
When the user sends a request to the MySQL server, he can bypass the login credentials and take control of the administrator account.

Reproduce:

<https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/B%26E%20Tracker-by:oretnom23-v1.0>

Proof:

<https://streamable.com/y3ig5h>

BR nu11secur1ty

Assessed Attacker Value: 5