Path Bug Bypas admin
Selamat datang di KandolTechno.
Dalam artikel gua kali ini gua akan membahas Mengenai bagaimana cara menutup bug atau celah bypas admin.
Kebetulan saya disini nemu live target yang memiliki celah bypas admin ,Gua liat source kodenya seperti ini:
<?php
session_start();
include('includes/config.php');
if(isset($_POST['login']))
{
$email=$_POST['username'];
$password=md5($_POST['password']);
$sql ="SELECT UserName,Password FROM admin WHERE UserName='$email' and Password='$password'";
$result=mysqli_query($conn,$sql);
if($result){
$noofresult=mysqli_num_rows($result);
if($noofresult>0){
while($row=mysqli_fetch_assoc($result)){
$usrname=$row['FullName'];
}
$_SESSION['alogin']=$_POST['username'];
echo "<script type='text/javascript'> document.location = 'change-password.php'; </script>";
}else{
echo "<script>alert('Invalid Details');</script>";
}
}
}
?>
$email=addslashes(trim($_POST['username']));
<?php
session_start();
include('includes/config.php');
if(isset($_POST['login']))
{
$email=addslashes(trim($_POST['username']));
$password=addslashes(trim(md5($_POST['password'])));
$sql ="SELECT UserName,Password FROM admin WHERE UserName='$email' and Password='$password'";
$result=mysqli_query($conn,$sql);
if($result){
$noofresult=mysqli_num_rows($result);
if($noofresult>0){
while($row=mysqli_fetch_assoc($result)){
$usrname=$row['FullName'];
}
$_SESSION['alogin']=$_POST['username'];
echo "<script type='text/javascript'> document.location = 'change-password.php'; </script>";
}else{
echo "<script>alert('Invalid Details');</script>";
}
}
}
?>
Nah itu caranya men path bug bypas admin. Saya ucapkan mohon maaf Bila ada kesalahan dalam bahasa dan pengetikan atau dalam bentuk apapun itu. Saya ucapkan mohon maaf sebesar besarnya.
0 Response to "Path Bug Bypas admin"
Post a Comment