| 제목 | School Dormitory Management System - SQL Injection "Unauthorized Admin Access" |
|---|
| 설명 | # Exploit Title: School Dormitory Management System - SQL Injection "Unauthorized Admin Access"
# Exploit Author: Madhur Jain
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/15319/school-dormitory-management-system-phpoop-free-source-code.html
# Software Link: https://www.sourcecodester.com/php/15319/school-dormitory-management-system-phpoop-free-source-code.html
# Version: v1.0
# Tested on: Windows 10, Apache
Description:-
A SQL Injection issue in School Dormitory Management System v.1.0 allows an attacker to login as an admin account
`
Payload used:-
admin' or 1=1 --
`
Parameter":-
Username
Password
`
Steps to reproduce:-
1. Lets go to admin login
2. Now in that User and password we insert our payload
3. As we can see we got logged in into admin account
4. The attack get admin panel access |
|---|
| 사용자 | Madhur Jain (UID 37979) |
|---|
| 제출 | 2022. 12. 22. PM 05:47 (4 연령 ago) |
|---|
| 모더레이션 | 2022. 12. 25. PM 08:30 (3 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 216775 [SourceCodester School Dormitory Management System 1.0 Admin Login SQL 주입] |
|---|
| 포인트들 | 17 |
|---|