Cara patch Bug Bypass Admin

 


Ok Pada kesempatan kali ini gua akan 

Sharing² ilmu :v

Cara patch bug Bypass Admin / SQL Log


Bug Ini cukup berbahaya karena para h4ck3r bisa memasuki dashboard admin tanpa harus memasukan username dan password 

Jadi bagi kalian yang membaca artikel ini silahkan di cek kodingan nya siapa tau blom di patch :v


Ok contoh Source Tempat Login yang vuln :


<?php $message = “”; if(isset($_POST[‘submit’])){ $username= ($_POST[username]); $password = md5($_POST[‘password’]);$query = “SELECT * FROM admin WHERE username = ‘$username’ and password = ‘$password’ and usertype = ‘1’”;
$query_result = mysqli_query($con, $query); if(mysqli_num_rows($query_result)){ $row = mysqli_fetch_assoc($query_result); $_SESSION[‘admin_id’] = $row[‘id’]; $_SESSION[‘username’] = $row[‘username’]; header(“location: index.php”); }else{ $message = “Username and password is not matched.”; } } ?>

Perhatikan :

$username= ($_POST[username]); $password = md5($_POST[‘password’]);

Kalian Ubah Jadi :

$username = mysqli_escape_string($con,$_POST['username']); $password = mysqli_escape_string($con,$_POST['password']);

Hasil Nya :

<?php $message = “”; if(isset($_POST[‘submit’])){ $username = mysqli_escape_string($con,$_POST['username']); $password = mysqli_escape_string($con,$_POST['password']); $query = “SELECT * FROM admin WHERE username = ‘$username’ and password = ‘$password’ and usertype = ‘1’”; $query_result = mysqli_query($con, $query); if(mysqli_num_rows($query_result)){ $row = mysqli_fetch_assoc($query_result); $_SESSION[‘admin_id’] = $row[‘id’]; $_SESSION[‘username’] = $row[‘username’]; header(“location: index.php”); }else{ $message = “Username and password is not matched.”; } } ?>

Ok Mungkin Cukup itu saja

good luck

Anda mungkin menyukai postingan ini