{"href": "https://0day.today/exploit/description/29756", "sourceData": "######################################################################################\r\n# Exploit Title: Select Your College Script - 2.0.2 - Authentication Bypass\r\n# Vendor Homepage: https://www.phpscriptsmall.com/\r\n# Software Link:https://www.phpscriptsmall.com/product/select-your-college-script/\r\n# Category: Web Application\r\n# Exploit Author: Prasenjit Kanti Paul\r\n# Web: http://hack2rule.wordpress.com/\r\n# Version: 2.0.2\r\n# Tested on: Linux Mint\r\n# CVE: CVE-2018-6863\r\n#######################################################################################\r\n \r\nProof of Concept\r\n \r\n1. Goto login page\r\n2. put [admin' OR '1' = '1] as user and password field\r\n3. You will be logged in as an authenticated user\n\n# 0day.today [2018-03-19] #", "bulletinFamily": "exploit", "modified": "2018-02-10T00:00:00", "title": "Select Your College Script 2.0.2 - Authentication Bypass Vulnerability", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "sourceHref": "https://0day.today/exploit/29756", "cvelist": ["CVE-2018-6863"], "description": "Exploit for php platform in category web applications", "viewCount": 3, "published": "2018-02-10T00:00:00", "edition": 1, "id": "1337DAY-ID-29756", "type": "zdt", "lastseen": "2018-03-20T01:16:41", "reporter": "Prasenjit Kanti Paul", "enchantments": {"score": {"value": 5.6, "vector": "NONE", "modified": "2018-03-20T01:16:41", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-6863"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:146334"]}, {"type": "exploitdb", "idList": ["EDB-ID:44014"]}], "modified": "2018-03-20T01:16:41", "rev": 2}, "vulnersScore": 5.6}, "references": []}

{"cve": [{"lastseen": "2021-02-02T06:52:41", "description": "SQL Injection exists in PHP Scripts Mall Select Your College Script 2.0.2 via a Login Parameter.", "edition": 4, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-12T03:29:00", "title": "CVE-2018-6863", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-6863"], "modified": "2018-02-28T19:24:00", "cpe": ["cpe:/a:select_your_college_script_project:select_your_college_script:2.0.2"], "id": "CVE-2018-6863", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6863", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:select_your_college_script_project:select_your_college_script:2.0.2:*:*:*:*:*:*:*"]}], "packetstorm": [{"lastseen": "2018-02-15T00:22:34", "description": "", "published": "2018-02-10T00:00:00", "type": "packetstorm", "title": "Select Your College Script 2.0.2 Authentication Bypass", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-6863"], "modified": "2018-02-10T00:00:00", "id": "PACKETSTORM:146334", "href": "https://packetstormsecurity.com/files/146334/Select-Your-College-Script-2.0.2-Authentication-Bypass.html", "sourceData": "`###################################################################################### \n# Exploit Title: Select Your College Script - 2.0.2 - Authentication Bypass \n# Date: 07.02.2018 \n# Vendor Homepage: https://www.phpscriptsmall.com/ \n# Software Link:https://www.phpscriptsmall.com/product/select-your-college-script/ \n# Category: Web Application \n# Exploit Author: Prasenjit Kanti Paul \n# Web: http://hack2rule.wordpress.com/ \n# Version: 2.0.2 \n# Tested on: Linux Mint \n# CVE: CVE-2018-6863 \n####################################################################################### \n \nProof of Concept \n \n1. Goto login page \n2. put [admin' OR '1' = '1] as user and password field \n3. You will be logged in as an authenticated user \n \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/146334/sycs202-bypass.txt"}], "exploitdb": [{"lastseen": "2018-02-10T16:54:04", "description": "Select Your College Script 2.0.2 - Authentication Bypass. CVE-2018-6863. Webapps exploit for PHP platform", "published": "2018-02-10T00:00:00", "type": "exploitdb", "title": "Select Your College Script 2.0.2 - Authentication Bypass", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-6863"], "modified": "2018-02-10T00:00:00", "id": "EDB-ID:44014", "href": "https://www.exploit-db.com/exploits/44014/", "sourceData": "######################################################################################\r\n# Exploit Title: Select Your College Script - 2.0.2 - Authentication Bypass\r\n# Date: 07.02.2018\r\n# Vendor Homepage: https://www.phpscriptsmall.com/\r\n# Software Link:https://www.phpscriptsmall.com/product/select-your-college-script/\r\n# Category: Web Application\r\n# Exploit Author: Prasenjit Kanti Paul\r\n# Web: http://hack2rule.wordpress.com/\r\n# Version: 2.0.2\r\n# Tested on: Linux Mint\r\n# CVE: CVE-2018-6863\r\n#######################################################################################\r\n\r\nProof of Concept\r\n\r\n1. Goto login page\r\n2. put [admin' OR '1' = '1] as user and password field\r\n3. You will be logged in as an authenticated user", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/44014/"}]}