Exam form submission system 1.0 sql injection authentication bypass Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2021-10-01 |
Type : webapps |
Platform : php
This exploit / vulnerability Exam form submission system 1.0 sql injection authentication bypass is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Exam Form Submission System 1.0 - SQL Injection Authentication Bypass
# Date: 30-09-2021
# Exploit Author: Nitin Sharma (Vidvansh)
# Vendor Homepage: https://code-projects.org
# Product link: https://code-projects.org/exam-form-submission-in-php-with-source-code/
# Version: 1.0
# Tested on: XAMPP / Windows 10
Steps-To-Reproduce:
Step 1 Go to the Product admin panel http://localhost/EXAM_FORM_SUBMISSION/admin/index.php.
Step 2 – Enter anything in username and password
Step 3 – Click on Login and capture the request in the burp suite
Step4 – Change the username to ' OR 1 -- - and password to ' OR 1 -- -.
Step 5 – Click forward and now you will be logged in as admin.