Student Result Management System 1.0 SQL Injection

2020.12.03
Credit: Ritesh Gohil
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: Student Result Management System 1.0 - Authentication Bypass SQL Injection # Google Dork: N/A # Date: 11/16/2020 # Exploit Author: Ritesh Gohil # Vendor Homepage: https://projectnotes.org/it-projects/student-result-management-system-in-php-with-source-code/ # Software Link: https://projectnotes.org/download/studentms-zip/ # Version: 1.0 # Tested on: Win10 x64, Kali Linux x64 # CVE : N/A ######## Description ################################################################# # # # An SQL injection vulnerability discovered in PHP Student Result Management System # # # # Admin Login Portal is vulnerable to SQL Injection # # # # The vulnerability could allow for the improper neutralization of special elements # # in SQL commands and may lead to the product being vulnerable to SQL injection. # # # ###################################################################################### Kindly Follow Below Steps: 1. Visit the main page of the Student Result Management System. 2. You will get an Admin Login Page. 3. Payload which you can use in Email and password field: *AND 1=0 AND '%'=' *4. You will get Admin Access of the Student Result Management System.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top