vendor: Online Learning Management System
by: Aakash Madaan (Godsky)
CVSS: 7.5 (HIGH)
Authentication Bypass
CWE: 287
Product Name: Online Learning Management System
Affected Version From: Version 1
Affected Version To: Version 1
Patch Exists: NO
Related CWE: N/A
CPE: a:sourcecodester:online_learning_management_system:1.0
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Parrot OS
2020
Online Learning Management System 1.0 – Authentication Bypass
An easy authentication bypass vulnerability in the application allows an attacker to log in as a registered user without a password.
Step 1: Go to http://localhost/ and register a new user, or try to log in as an already registered user (Ubas).
Step 2: On the login page, use the query { Ubas' or '1'='1 } as the username.
Step 3: On the login page, use the same query { Ubas' or '1'='1 } as the password.
All set; you should be logged in as Ubas.
Mitigation:
Ensure that authentication is properly implemented and that all user input is properly sanitized and validated.