Customer Relationship Management System (CRM) 1.0 Sql Injection Authentication Bypass

2021.07.27

Credit: Shafique_Wasta

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

# Exploit Title: Customer Relationship Management System (CRM) 1.0 - Sql Injection Authentication Bypass
# Date: 27/07/2021
# Exploit Author: Shafique_Wasta
# Vendor Homepage: https://www.sourcecodester.com/php/14794/customer-relationship-management-crm-system-php-source-code.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/crm_0.zip
# Version: 1
# Tested on: Windows 10/xampp
# DESCRIPTION #
# Customer relationship management system is vulnerable to Sql Injection Auth Bypass
# Exploit Working:
# 1. Visit on localhostcrm/customer/login.php
# 2. You will see the login panel
# 3. use this payload ( '=' 'or' ) in username and click on signin you will login into the admin account.
# Vulnerable URL :http://localhost/crm/customer/login.php
# Payload: '=' 'or'

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Customer Relationship Management System (CRM) 1.0 Sql Injection Authentication Bypass

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.