## https://sploitus.com/exploit?id=PACKETSTORM:160330
# Exploit Title: WebDamn User Registration & Login System with User Panel - SQLi Auth Bypass  
# Date: 18-11-2020  
# Exploit Author: Aakash Madaan  
# Vendor Homepage: https://webdamn.com/  
# Software Link : https://webdamn.com/user-management-system-with-php-mysql/  
# Version: N/A (Default)  
# Tested on: Windows 10 professional  
  
Steps to reproduce:  
1. Open the user login page using the following URL:  
-> http://localhost/login.php <http://localhost/login.html>  
  
2. If an attacker gets access to a valid email address (leaked data or by any  
other means), he/she can use the email address as follows:  
Payload: <email>' OR '1'='1  
NOTE: Use the above payload in both username and password fields  
  
3. The server accepts the payload and the attacker is able to bypass the user  
login panel with only an email address.
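
Why the payload is accepted and what the corrected query looks like, as an added example that is not part of the original advisory and is not WebDamn's code. It assumes the login check concatenates both fields into one SQL string (the product's source is not shown here); the table, column and function names, the sample account and the in-memory SQLite database are constructed for the demo.

```php
<?php
// Constructed demo: in-memory SQLite stands in for the application's MySQL database.
// Table, column and function names are assumptions, not WebDamn's code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT UNIQUE, pw_plain TEXT, pw_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (email, pw_plain, pw_hash) VALUES (?, ?, ?)');
$ins->execute(['alice@example.com', 'correct horse',
               password_hash('correct horse', PASSWORD_DEFAULT)]);

// Weak pattern (assumed): both fields are pasted into the SQL text, so a quote
// in the input ends the string literal and the rest is parsed as SQL.
function login_concatenated(PDO $db, string $email, string $password): bool
{
    $sql = "SELECT email FROM users WHERE email = '$email' AND pw_plain = '$password'";
    return $db->query($sql)->fetch() !== false;
}

// Corrected pattern: the email is a bound parameter, so quotes in it stay data,
// and the password is verified against the stored hash outside the query.
function login_parameterized(PDO $db, string $email, string $password): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

// The advisory's payload with a constructed email address in place of <email>.
$payload = "alice@example.com' OR '1'='1";
$cases = [
    'valid credentials'      => ['alice@example.com', 'correct horse'],
    'wrong password'         => ['alice@example.com', 'wrong'],
    'payload in both fields' => [$payload, $payload],
];
foreach ($cases as $label => [$email, $password]) {
    printf("%-24s concatenated=%-5s parameterized=%s\n", $label,
        var_export(login_concatenated($db, $email, $password), true),
        var_export(login_parameterized($db, $email, $password), true));
}
```

With the payload in both fields, the concatenated WHERE clause ends in `OR '1'='1'`, which is true for every row because AND binds tighter than OR; the bound-parameter version looks up that whole string as an email address and finds no account.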