Simple water refilling station management system 1.0 authentication bypass Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2021-08-16 |
Type : webapps |
Platform : php
This exploit / vulnerability Simple water refilling station management system 1.0 authentication bypass is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Simple Water Refilling Station Management System 1.0 - Authentication Bypass
# Exploit Author: Matt Sorrell
# Date: 2021-08-14
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/14906/simple-water-refilling-station-management-system-php-free-source-code.html
# Version: 1.0
# Tested On: Windows Server 2019 and XAMPP 7.4.22
# The Simple Water Refilling Station Management System
# is vulnerable to a SQL Injection because it fails to sufficiently sanitize
# user-supplied data before using it in a SQL query. Successful exploitation
# of this issue could allow an attacker to bypass the application's
# authentication controls and possibly access other sensitive data.
# Vulnerable Code: Line 21 in water_refilling/classes/Login.php
qry = $this->conn->query("SELECT * from users where username = '$username' and password = md5('$password') ");