📄 Clothing Store Management System 1.0 SQL Injection

# Titles: Clothing Store Management System-1.0 SQLi Bypass Authentication
    # Author: nu11secur1ty
    # Date: 04/22/2025
    # Vendor: https://github.com/oretnom23
    # Software:
    https://www.sourcecodester.com/php/14576/clothing-store-management-system-using-phpmysqli-source-code.html
    # Reference: https://portswigger.net/web-security/sql-injection
    
    ## Description:
    The username parameter is vulnerable for SQLi-Bypass Authentication
    vulnerability. The parameter is not sanitizing well. The attacker can get
    all sensitive information from this system when he attacks it online, He
    can login super easily WITHOUT PASSWORD - ONLY USER - bypassing, and can
    crash or get every sensitive information from him!
    
    STATUS: HIGH-CRITICAL Vulnerability
    
    
    [+]Exploit:
    - SQLi:
    
    ```SQLi
    POST /clothing/ajax.php?action=login HTTP/1.1
    Host: pwnedhost.com
    Cookie: PHPSESSID=d1n8rpqnj189r1vdlq3g6rdsk4
    Content-Length: 44
    Sec-Ch-Ua-Platform: "Windows"
    Accept-Language: en-US,en;q=0.9
    Sec-Ch-Ua: "Chromium";v="135", "Not-A.Brand";v="8"
    Sec-Ch-Ua-Mobile: ?0
    X-Requested-With: XMLHttpRequest
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0)
    Gecko/20100101 Firefox/134.0
    Accept: */*
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Origin: https://pwnedhost.com
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://pwnedhost.com/clothing/login.php
    Accept-Encoding: gzip, deflate, br
    Priority: u=1, i
    Connection: keep-alive
    
    username=the_exploit_here&password=
    ```
    
    # Reproduce:
    [href](https://www.patreon.com/posts/clothing-store-1-127189847)
    
    # Buy an exploit only:
    [href](https://satoshidisk.com/pay/COEb97)
    
    # Time spent:
    00:05:00