Exploit / Vulnerability Discovered: 2021-10-01
Type: webapps
Platform: php
This exploit / vulnerability (Directory Management System 1.0 SQL injection authentication bypass) is for educational purposes only; if you use it, you do so at your own risk!
Steps-To-Reproduce:
Step 1 – Go to the product admin panel at http://localhost/dfsms/index.php.
Step 2 – Enter anything in the username and password fields.
Step 3 – Click on Login and capture the request in Burp Suite.
Step 4 – Change the username to admin' or '1'='1 and the password to dfsms.
Step 5 – Click Forward and you will now be logged in as admin.
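
Why the Step 4 value logs in, and the fix, shown as an added example that is not code from this page or from the application. It assumes a login query built by string concatenation; the in-memory SQLite database, the admins table, its columns, the MD5 comparison and both function names are hypothetical.

```php
<?php
// Added example. Table, columns and function names are hypothetical, not the application's code.
$db = new PDO('sqlite::memory:');   // in-memory database so the script runs offline
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (username TEXT PRIMARY KEY, legacy_md5 TEXT, pwhash TEXT)');

// Constructed sample account.
$secret = 'constructed-Passw0rd';
$db->prepare('INSERT INTO admins VALUES (?, ?, ?)')
   ->execute(['admin', md5($secret), password_hash($secret, PASSWORD_DEFAULT)]);

// Vulnerable pattern (assumed): request values are concatenated into the SQL text.
function login_concat(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT username FROM admins WHERE username='$user' AND legacy_md5='" . md5($pass) . "'";
    // With the Step 4 value the WHERE clause becomes
    //   username='admin' OR ('1'='1' AND legacy_md5='...')
    // because AND binds tighter than OR, so the password test no longer gates the admin row.
    return $db->query($sql)->fetch() !== false;
}

// Hardened pattern: the username is a bound parameter, never SQL syntax,
// and the password is verified in PHP against a salted hash.
function login_prepared(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT pwhash FROM admins WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();   // false when no row matches
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed test inputs; the third is the request value from Step 4.
$cases = [
    'valid credentials'    => ['admin', $secret],
    'wrong password'       => ['admin', 'dfsms'],
    'Step 4 request value' => ["admin' or '1'='1", 'dfsms'],
];
foreach ($cases as $label => [$u, $p]) {
    printf("%-22s concat=%-5s prepared=%s\n", $label,
        var_export(login_concat($db, $u, $p), true),
        var_export(login_prepared($db, $u, $p), true));
}
```

The same binding approach applies with mysqli prepared statements; the point is that the quote characters in the username arrive as data rather than as part of the query.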