Exploit / Vulnerability Discovered: 2022-02-16
Type: webapps
Platform: php
This exploit / vulnerability, "Simple Student Quarterly Result/Grade System 1.0 - SQLi Authentication Bypass", is for educational purposes only; if you use it, you do so at your own risk!
[+] Code ...
# Exploit Title: Simple Student Quarterly Result/Grade System 1.0 - SQLi Authentication Bypass
# Date: 11/02/2022
# Exploit Author: Saud Alenazi
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/15169/simple-student-quarterly-resultgrade-system-php-and-mysql-free-source-code.html
# Version: 1.0
# Tested on: XAMPP, Linux
# Vulnerable Code
line 57 in file "/sqgs/Actions.php"
@$check= $this->db->query("SELECT count(admin_id) as `count` FROM admin_list where `username` = '{$username}' ".($id > 0 ? " and admin_id != '{$id}' " : ""))->fetch_array()['count'];
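The query above interpolates `$username` and `$id` straight into the SQL string, so request input becomes part of the statement. The same lookup with bound parameters is shown here as an added example, not code from the project or the exploit author; the function name is hypothetical and `$db` is assumed to be a mysqli connection (suggested by the `fetch_array()` call).

```php
<?php
// Added example: parameterized form of the line-57 lookup.
// Assumptions: $db is a mysqli connection; count_admins_with_username()
// is a hypothetical helper name, not part of the original Actions.php.

// Raise exceptions on SQL errors instead of silencing them with "@".
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function count_admins_with_username(mysqli $db, string $username, $id = 0): int
{
    // admin_id is numeric, so force an integer before it is used anywhere.
    $id = (int) $id;

    // The SQL text is fixed; only placeholders mark where values go.
    $sql = "SELECT COUNT(admin_id) AS `count` FROM admin_list WHERE `username` = ?";
    if ($id > 0) {
        $sql .= " AND admin_id != ?";
    }

    $stmt = $db->prepare($sql);

    // Values are sent separately from the statement, typed as string/int,
    // so quotes or SQL keywords in $username are treated as data only.
    if ($id > 0) {
        $stmt->bind_param('si', $username, $id);
    } else {
        $stmt->bind_param('s', $username);
    }

    $stmt->execute();
    $stmt->bind_result($count);
    $stmt->fetch();
    $stmt->close();

    return (int) $count;
}

// Usage inside the class, replacing the interpolated query:
// $check = count_admins_with_username($this->db, $username, $id);
```

Any other query in the application that concatenates request parameters needs the same treatment; fixing this one line does not cover them.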
Steps To Reproduce:
* - Go to the login page http://localhost/sqgs/login.php