Thrive Smart Home SQL Injection Authentication Bypass Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in Thrive Smart Home version 1.1, specifically within the checklogin.php endpoint. This vulnerability allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. Exploitation involves injecting malicious SQL code to interfere with login queries, thereby gaining unauthorized access to the application.

Impact

Exploitation of this vulnerability allows for authentication bypass, enabling unauthorized users to access the application.

Reproduction

To reproduce this vulnerability, send a POST request to the checklogin.php endpoint with the 'user' parameter set to a crafted SQL injection payload, such as a tautology-based injection that exploits the application's SQL query handling. The response should indicate a successful login, bypassing authentication.
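The query pattern behind this class of bug, next to a parameterized version, as an added example that is not the application's own code. The schema, column names, function names and sample credential are assumptions constructed for illustration, and an in-memory SQLite database stands in for the application's real database.

```php
<?php
declare(strict_types=1);
// Added example. Schema, column and function names are assumptions,
// not taken from the application's checklogin.php.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, legacy_sha256 TEXT, pass_hash TEXT)');
$pw = 'constructed-sample-password'; // constructed test credential
$db->prepare('INSERT INTO users VALUES (?, ?, ?)')
   ->execute(['admin', hash('sha256', $pw), password_hash($pw, PASSWORD_DEFAULT)]);

// Vulnerable pattern: the 'user' value is concatenated into the SQL text,
// so quote characters in it change the structure of the WHERE clause.
function login_concatenated(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT 1 FROM users WHERE username = '$user'"
         . " AND legacy_sha256 = '" . hash('sha256', $pass) . "'";
    try {
        return $db->query($sql)->fetchColumn() !== false;
    } catch (PDOException $e) {
        return false; // input produced malformed SQL
    }
}

// Hardened pattern: the value is bound as data and never parsed as SQL;
// the password is verified in PHP against a salted hash.
function login_parameterized(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE username = :user');
    $stmt->execute([':user' => $user]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed inputs: two ordinary logins and one tautology in 'user'.
$cases = [
    'valid credentials' => ['admin', $pw],
    'wrong password'    => ['admin', 'wrong'],
    'tautology in user' => ["x' OR '1'='1' --", 'anything'],
];
foreach ($cases as $label => [$u, $p]) {
    printf("%-18s concatenated=%-5s parameterized=%s\n", $label,
        var_export(login_concatenated($db, $u, $p), true),
        var_export(login_parameterized($db, $u, $p), true));
}
```

Binding the parameter is what removes the injection; the switch to `password_verify()` is a separate storage practice shown alongside it.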

Added: Feb 12, 2026, 11:32 PM
Updated: Feb 12, 2026, 11:32 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 8.7
remediation: 0.0
relevance: 3.0
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.