# Exploit Title: COVID19 Testing Management System 1.0 - SQL Injection (Auth Bypass) # Date: 19/05/2021 # Exploit Author: Rohit Burke # Vendor Homepage: https://phpgurukul.com # Software Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ # Version: 1.0 # Tested on: Windows 10 SQL Injection: Injection flaws, such as SQL, NoSQL, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization. Attack vector: An attacker can gain admin panel access using malicious sql injection queries. Steps to reproduce: 1) Open admin login page using following URl: "http://localhost/covid-tms/login.php" 2) Now put the payload below the Username and password field. Payload: admin' or '1'='1 and you will be successfully logged In as Admin without any credentials.