bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/multiple/webapps/49165.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

20 lines
No EOL
723 B
Text
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Exploit Title: Employee Record Management System 1.1 - Login Bypass SQL Injection
# Date: 20201117
# Exploit Author: Anurag Kumar Rawat(A1C3VENOM)
# Vendor Homepage: https://phpgurukul.com
# Software Link: https://phpgurukul.com/employee-record-management-system-in-php-and-mysql/
# Version: 1.1
# Tested on Parrot os(Linux)
Attack Vector:
An attacker can gain admin panel access using malicious sql injection quiries.
Steps to reproduce:
1. Open admin login page using following URl:
-> http://localhost/erms/admin/index.php
2. Now put below Payload in both the fields( User ID & Password)
Payload: ' or '1'='1
3)Server accept this payload and attacker successfully bypassed admin panel
without any credentials
Reference in a new issue View git blame Copy permalink