Submeter #59422: School Dormitory Management System - SQL Injection "Unauthorized Admin Access"informação

TítuloSchool Dormitory Management System - SQL Injection "Unauthorized Admin Access"
Descrição# Exploit Title: School Dormitory Management System - SQL Injection "Unauthorized Admin Access" # Exploit Author: Madhur Jain # Vendor Name: oretnom23 # Vendor Homepage: https://www.sourcecodester.com/php/15319/school-dormitory-management-system-phpoop-free-source-code.html # Software Link: https://www.sourcecodester.com/php/15319/school-dormitory-management-system-phpoop-free-source-code.html # Version: v1.0 # Tested on: Windows 10, Apache Description:- A SQL Injection issue in School Dormitory Management System v.1.0 allows an attacker to login as an admin account ` Payload used:- admin' or 1=1 -- ` Parameter":- Username Password ` Steps to reproduce:- 1. Lets go to admin login 2. Now in that User and password we insert our payload 3. As we can see we got logged in into admin account 4. The attack get admin panel access
Utilizador
 Madhur Jain (UID 37979)
Submissão22/12/2022 17h47 (há 4 anos)
Moderação25/12/2022 20h30 (3 days later)
EstadoAceite
Entrada VulDB216775 [SourceCodester School Dormitory Management System 1.0 Admin Login Injeção SQL]
Pontos17

VoltarVisão GeralPróximo

Want to know what is going to be exploited?

We predict KEV entries!