# Exploit Title: Bank Locker Management System - SQL Injection  
# Application: Bank Locker Management System  
# Date: 12.09.2023  
# Bugs: SQL Injection   
# Exploit Author: SoSPiro  
# Vendor Homepage:  
# Software Link:  
# Tested on: Windows 10 64 bit Wampserver   
## Description:  
This report highlights a critical SQL Injection vulnerability discovered in the "Bank Locker Management System" application. The vulnerability allows an attacker to bypass authentication and gain unauthorized access to the application.  
## Vulnerability Details:  
- **Application Name**: Bank Locker Management System  
- **Software Link**: [Download Link](  
- **Vendor Homepage**: [Vendor Homepage](  
## Vulnerability Description:  
The SQL Injection vulnerability is present in the login mechanism of the application. By providing the following payload in the login and password fields:  
Payload: admin' or '1'='1-- -  
An attacker can gain unauthorized access to the application with administrative privileges.  
## Proof of Concept (PoC):  
1. Visit the application locally at http://blms.local (assuming it's hosted on localhost).  
2. Navigate to the "banker" directory: http://blms.local/banker/  
3. In the login and password fields, input the following payload:  
4. admin' or '1'='1-- -