Lucene search
SoSPiro1337DAY-ID-39298HistoryFeb 05, 2024 - 12:00 a.m.
Bank Locker Management System SQL Injection Vulnerability
2024-02-0500:00:00
SoSPiro
0day.today
123
sql injection
bank locker management system
authentication bypass
vulnerability
poc
php
mysql
windows 10
wampserver
7.4 High
AI Score
Confidence
Low
# Exploit Title: Bank Locker Management System - SQL Injection
# Application: Bank Locker Management System
# Bugs: SQL Injection
# Exploit Author: SoSPiro
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/bank-locker-management-system-using-php-and-mysql/
# Tested on: Windows 10 64 bit Wampserver
## Description:
This report highlights a critical SQL Injection vulnerability discovered in the "Bank Locker Management System" application. The vulnerability allows an attacker to bypass authentication and gain unauthorized access to the application.
## Vulnerability Details:
- **Application Name**: Bank Locker Management System
- **Software Link**: [Download Link](https://phpgurukul.com/bank-locker-management-system-using-php-and-mysql/)
- **Vendor Homepage**: [Vendor Homepage](https://phpgurukul.com/)
## Vulnerability Description:
The SQL Injection vulnerability is present in the login mechanism of the application. By providing the following payload in the login and password fields:
Payload: admin' or '1'='1-- -
An attacker can gain unauthorized access to the application with administrative privileges.
## Proof of Concept (PoC):
1. Visit the application locally at http://blms.local (assuming it's hosted on localhost).
2. Navigate to the "banker" directory: http://blms.local/banker/
3. In the login and password fields, input the following payload:
4. admin' or '1'='1-- -
7.4 High
AI Score
Confidence
Low