# Exploit Title: COVID19 Testing Management System 1.0 - SQL Injection (Auth Bypass)  
# Date: 19/05/2021  
# Exploit Author: Rohit Burke  
# Vendor Homepage:  
# Software Link:  
# Version: 1.0  
# Tested on: Windows 10  
SQL Injection:  
Injection flaws, such as SQL, NoSQL, and LDAP injection, occur when  
untrusted data is sent to an interpreter as part of a command or query. The  
attacker’s hostile data can trick the interpreter into executing unintended  
commands or accessing data without proper authorization.  
Attack vector:  
An attacker can gain admin panel access using malicious SQL injection queries.  
Steps to reproduce:  
1) Open the admin login page using the following URL:  
2) Now put the payload below in the Username and Password fields.  
Payload: admin' or '1'='1  
You will be successfully logged in as Admin without any credentials.
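
Why the payload above bypasses the login check, and the parameterized query that stops it, as an added example that is not part of the original advisory or the application's code. The advisory does not show the application's query, so the `admins` table, its columns, the function names and the use of SQLite in place of the application's database are all assumptions.

```python
import hashlib
import sqlite3

PAYLOAD = "admin' or '1'='1"  # the payload quoted in the advisory


def digest(password):
    # Demo only: a real system would use a slow salted hash (bcrypt, Argon2).
    return hashlib.sha256(password.encode()).hexdigest()


def make_db():
    # Constructed sample data; table and column names are assumptions.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admins (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO admins VALUES (?, ?)",
                 ("admin", digest("constructed-sample-password")))
    return conn


def login_vulnerable(conn, username, password):
    # Input is pasted into the SQL text, so a quote in it ends the string
    # literal and the rest is parsed as SQL. AND binds tighter than OR, so
    # the WHERE clause becomes: username='admin' OR ('1'='1' AND hash matches).
    sql = ("SELECT username FROM admins WHERE username='" + username +
           "' AND password_hash='" + digest(password) + "'")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, username, password):
    # Placeholders send the values separately from the SQL text, so the
    # payload is compared as a literal username and matches no row.
    sql = "SELECT username FROM admins WHERE username=? AND password_hash=?"
    return conn.execute(sql, (username, digest(password))).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, payload:   ", login_vulnerable(db, PAYLOAD, PAYLOAD))
    print("parameterized, payload:", login_parameterized(db, PAYLOAD, PAYLOAD))
    print("parameterized, valid:  ",
          login_parameterized(db, "admin", "constructed-sample-password"))
```
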