| タイトル | School Dormitory Management System - SQL Injection "Unauthorized Admin Access" |
|---|
| 説明 | # Exploit Title: School Dormitory Management System - SQL Injection "Unauthorized Admin Access"
# Exploit Author: Madhur Jain
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/15319/school-dormitory-management-system-phpoop-free-source-code.html
# Software Link: https://www.sourcecodester.com/php/15319/school-dormitory-management-system-phpoop-free-source-code.html
# Version: v1.0
# Tested on: Windows 10, Apache
Description:-
A SQL Injection issue in School Dormitory Management System v.1.0 allows an attacker to login as an admin account
`
Payload used:-
admin' or 1=1 --
`
Parameter":-
Username
Password
`
Steps to reproduce:-
1. Lets go to admin login
2. Now in that User and password we insert our payload
3. As we can see we got logged in into admin account
4. The attack get admin panel access |
|---|
| ユーザー | Madhur Jain (UID 37979) |
|---|
| 送信 | 2022年12月22日 17:47 (4 年 ago) |
|---|
| モデレーション | 2022年12月25日 20:30 (3 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 216775 [SourceCodester School Dormitory Management System 1.0 Admin Login SQLインジェクション] |
|---|
| ポイント | 17 |
|---|