Student Result Management System 1.0 - Authentication Bypass SQL Injection - 黑帽漏洞数据库

游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

赤队小组-代号1949（原CHT攻防小组）在这个瞬息万变的网络时代，我们保持初心，创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识，您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告，请注册用户查看我们的使用与隐私策略，谢谢您的配合。小组成员可以获取论坛隐藏内容！

TheHackerWorld官方

发布于2022年11月4日2年前

# Exploit Title: Student Result Management System 1.0 - Authentication Bypass SQL Injection
# Google Dork: N/A
# Date: 11/16/2020
# Exploit Author: Ritesh Gohil
# Vendor Homepage: https://projectnotes.org/it-projects/student-result-management-system-in-php-with-source-code/
# Software Link: https://projectnotes.org/download/studentms-zip/
# Version: 1.0
# Tested on: Win10 x64, Kali Linux x64
# CVE : N/A
######## Description
#################################################################
#
#
# An SQL injection vulnerability discovered in PHP Student Result Management System #
#
#
# Admin Login Portal is vulnerable to SQL Injection
#
#
#
# The vulnerability could allow for the improper neutralization of special elements #
# in SQL commands and may lead to the product being vulnerable to SQL injection. #
#
#
######################################################################################

Kindly Follow Below Steps:
1. Visit the main page of the Student Result Management System.
2. You will get an Admin Login Page.
3. Payload which you can use in Email and password field:
*AND 1=0 AND '%'='
*4. You will get Admin Access of the Student Result Management System.

登录

游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

Student Result Management System 1.0 - Authentication Bypass SQL Injection

精选回复

创建帐户或登录后发表意见

最近浏览 0

帐户

导航

搜索