
18 changes to exploits/shellcodes TapinRadio 2.13.7 - Denial of Service (PoC) RarmaRadio 2.72.5 - Denial of Service (PoC) Realtek Audio Service 1.0.0.55 - 'RtkAudioService64.exe' Unquoted Service Path Realtek Andrea RT Filters 1.0.64.7 - 'AERTSr64.EXE' Unquoted Service Path Rumble Mail Server 0.51.3135 - 'rumble_win32.exe' Unquoted Service Path Kite 1.2020.1119.0 - 'KiteService' Unquoted Service Path Druva inSync Windows Client 6.6.3 - Local Privilege Escalation (PowerShell) Dup Scout Enterprise 10.0.18 - 'online_registration' Remote Buffer Overflow Joomla! 1.5 < 3.4.5 - Object Injection 'x-forwarded-for' Header Remote Code Execution Joomla! 1.5 < 3.4.6 - Object Injection 'x-forwarded-for' Header Remote Code Execution Eaton Intelligent Power Manager 1.6 - Directory Traversal PandoraFMS NG747 7.0 - 'filename' Persistent Cross-Site Scripting Joomla Plugin Simple Image Gallery Extended (SIGE) 3.5.3 - Multiple Vulnerabilities Employee Record Management System 1.1 - Login Bypass SQL Injection User Registration & Login and User Management System 2.1 - Cross Site Request Forgery Cyber Cafe Management System Project (CCMS) 1.0 - Persistent Cross-Site Scripting Savsoft Quiz 5 - 'Skype ID' Stored XSS vBulletin 5.6.3 - 'group' Cross Site Scripting
20 lines
No EOL
742 B
Text
20 lines
No EOL
742 B
Text
# Exploit Title: Employee Record Management System 1.1 - Login Bypass SQL Injection
|
||
# Date: 2020–11–17
|
||
# Exploit Author: Anurag Kumar Rawat(A1C3VENOM)
|
||
# Vendor Homepage: https://phpgurukul.com
|
||
# Software Link: https://phpgurukul.com/employee-record-management-system-in-php-and-mysql/
|
||
# Version: 1.1
|
||
# Tested on Parrot os(Linux)
|
||
|
||
Attack Vector:
|
||
An attacker can gain admin panel access using malicious sql injection quiries.
|
||
|
||
Steps to reproduce:
|
||
1. Open admin login page using following URl:
|
||
-> http://localhost/erms/admin/index.php
|
||
|
||
2. Now put below Payload in both the fields( User ID & Password)
|
||
Payload: ' or '1'='1
|
||
|
||
3)Server accept this payload and attacker successfully bypassed admin panel
|
||
without any credentials |