MC Inventory Manager suffers from a remote SQL injection vulnerability that allows for authentication bypass.
762b87b209d0f911fb371c00cc13d296985ae347761194af1e3e4552c0eb8029Vulnerability title: MC Inventory Manager Authentication Bypass
Exploit Author : Ashiyane Digital Security Team
Product: MC Inventory Manager
Date: 2015.10.13
Vendor Homepage: http://microcode.ws/inventory-manager.php
Introduction:
=============
Manage and maintain inventory of your company, items, sales, orders,
customers and suppliers.
MC Inventory Manager suffer from an authentication bypass in login page.
PoC:
===
To bypass the login page enter '=' 'or' for username and password input.
Demo:
====
Testing in demo of MC Inventory Manager.
http://microcode.ws/demo/inventory/index.php
Discovered By:
=============
Ehasn Hosseini (hehsan979@gmail.com)
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed