Small crm 2.0 authentication bypass Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2020-01-06 |
Type : webapps |
Platform : php
This exploit / vulnerability Small crm 2.0 authentication bypass is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Small CRM 2.0 - Authentication Bypass
# Google Dork: N/A
# Date: 2020-01-02
# Exploit Author: FULLSHADE
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/small-crm-php/
# Version: V2.0
# Tested on: Windows
# CVE : N/A
# Description:
#
# There is a SQL injection vulnerability in the /index.php page
# which allows for an attacker to use the SQLi login bypass payload
# '=''or' for both the username and password parameters, this allows
# for any authenticated or low level user to login to the admin account.