Student Result Management System 1.0 – Authentication Bypass SQL Injection

• Exploit Database
• 40 阅读

• 作者： Ritesh Gohil
  日期： 2020-12-02
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/49152/

• # Exploit Title: Student Result Management System 1.0 - Authentication Bypass SQL Injection
  # Google Dork: N/A
  # Date: 11/16/2020
  # Exploit Author: Ritesh Gohil
  # Vendor Homepage: https://projectnotes.org/it-projects/student-result-management-system-in-php-with-source-code/
  # Software Link: https://projectnotes.org/download/studentms-zip/
  # Version: 1.0
  # Tested on: Win10 x64, Kali Linux x64
  # CVE : N/A
  ######## Description
  #################################################################
  #
  #
  # An SQL injection vulnerability discovered in PHP Student Result Management System #
  #
  #
  # Admin Login Portal is vulnerable to SQL Injection
  #
  #
  #
  # The vulnerability could allow for the improper neutralization of special elements #
  # in SQL commands and may lead to the product being vulnerable to SQL injection. #
  #
  #
  ######################################################################################
  
  Kindly Follow Below Steps:
  1. Visit the main page of the Student Result Management System.
  2. You will get an Admin Login Page.
  3. Payload which you can use in Email and password field:
  *AND 1=0 AND '%'='
  *4. You will get Admin Access of the Student Result Management System.