| Title | SourceCodester website 1.0 Web application vulnerability |
|---|
| Description | I have discovered a SQL injection vulnerability on the engineers' portal, enabling an attacker to bypass the admin login page.
1- Download the application from https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html and install it on your system.
2- Visit the admin login page at http://localhost/engineer/admin/.
3- Enter this payload (admin' or '1'='1) in both the username and password fields.
4- The admin panel will now be bypassed." |
|---|
| Source | ⚠️ https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html |
|---|
| User | Farish (UID 60730) |
|---|
| Submission | 01/01/2024 12:08 (2 years ago) |
|---|
| Moderation | 01/01/2024 16:37 (4 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 249440 [SourceCodester Engineers Online Portal 1.0 Admin Login /admin/ username/password sql injection] |
|---|
| Points | 20 |
|---|