# Exploit Title: WebDamn User Registration & Login System with User Panel - SQLi Auth Bypass  
# Date: 18-11-2020  
# Exploit Author: Aakash Madaan  
# Vendor Homepage:  
# Software Link :  
# Version: N/A (Default)  
# Tested on: Windows 10 professional  
Steps to reproduce:  
1. Open user login page using following URl:  
-> http://localhost/login.php <http://localhost/login.html>  
2. If attacker get access to valid email address ( leaked data or by any  
other means) then he/she can use the email address as follows:  
Payload: <email>' OR '1'='1  
NOTE: Use the above payload in both username and password fields  
3. Server accepts the payload and the attacker is able to bypass the user  
login panel with only email address.