# Exploit Title: Student Result Management System 1.0 - Authentication Bypass SQL Injection
# Google Dork: N/A
# Date: 11/16/2020
# Exploit Author: Ritesh Gohil
# Vendor Homepage: https://projectnotes.org/it-projects/student-result-management-system-in-php-with-source-code/
# Software Link: https://projectnotes.org/download/studentms-zip/
# Version: 1.0
# Tested on: Win10 x64, Kali Linux x64
# CVE: N/A

######## Description ########
# An SQL injection vulnerability was discovered in PHP Student Result Management System.
# The Admin Login Portal is vulnerable to SQL injection.
# The vulnerability could allow for the improper neutralization of special elements
# in SQL commands and may lead to the product being vulnerable to SQL injection.
#############################
Steps to reproduce:
1. Visit the main page of the Student Result Management System.
2. The Admin Login page is displayed.
3. Enter the following payload in the Email and Password fields:
AND 1=0 AND '%'='
4. You will get admin access to the Student Result Management System.
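
A hardened login check for the flaw described above, as an added example that is not the application's code: the `admin` table, its columns, the sample account and the in-memory SQLite database are assumptions. It binds the advisory's payload as a parameter so it is compared as data, prints the concatenated query text for contrast, and runs as a small regression test.

```php
<?php
// Added example. Assumptions: table `admin` with columns `email` and
// `password_hash`; in-memory SQLite stands in for the application's database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admin (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');

// Constructed sample account; the password is stored only as a hash.
$ins = $pdo->prepare('INSERT INTO admin (email, password_hash) VALUES (?, ?)');
$ins->execute(['admin@example.test', password_hash('constructed-sample-password', PASSWORD_DEFAULT)]);

// Unsafe pattern, shown as text only: input is spliced into the statement,
// so quote characters in the input end the string literal and become syntax.
function unsafeQueryText(string $email, string $password): string
{
    return "SELECT id FROM admin WHERE email='$email' AND password='$password'";
}

// Hardened check: the e-mail is a bound parameter, and the password never
// enters the SQL text at all. It is verified against the stored hash in PHP.
function login(PDO $pdo, string $email, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM admin WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $hash = $stmt->fetchColumn();      // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

$payload = "AND 1=0 AND '%'='";        // string quoted in the advisory
echo unsafeQueryText($payload, $payload), PHP_EOL;

// Regression cases: [email, password, expected login result].
$cases = [
    [$payload, $payload, false],
    ['admin@example.test', $payload, false],
    ['admin@example.test', 'constructed-sample-password', true],
];
foreach ($cases as [$email, $password, $expected]) {
    if (login($pdo, $email, $password) !== $expected) {
        fwrite(STDERR, "FAIL: unexpected login result for e-mail '$email'\n");
        exit(1);
    }
}
echo 'all login regression cases passed', PHP_EOL;
```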