Blood bank system 1.0 authentication bypass Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2021-10-01 |
Type : webapps |
Platform : php
This exploit / vulnerability Blood bank system 1.0 authentication bypass is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Blood Bank System 1.0 - Authentication Bypass
# Date: 30-9-2021
# Exploit Author: Nitin Sharma (vidvansh)
# Vendor Homepage: https://code-projects.org/blood-bank-in-php-with-source-code/
# Software Link : https://download.code-projects.org/details/f44a4ba9-bc33-48c3-b030-02f62117d230
# Version: 1.0
# Tested on: Windows 10 , Apache , Mysql
# Description : Password input is affected with authentication bypass because of improper sanitisation which lead to access to auauthorised accounts.
#Steps-To-Reproduce:
Step 1 Go to the Product admin panel http://localhost/bloodbank/login.php.
Step 2 – Enter anything in username and password
Step 3 – Click on Login and capture the request in the burp suite
Step4 – Change the username to ' OR 1 -- - and password to ' OR 1 -- -.
Step 5 – Click forward and now you will be logged in as admin.
# Go to admin login page (http://localhost/bloodbank/login.php), then use below payload as username and password =>
Username: ** Random email**
Password: ' or 1 -- -