PHP Voting System – Admin Authentication Bypass (SQLI)
![](https://secure77.de/wp-content/uploads/2021/05/2021-05-06-23_24_18-Voting-System-using-PHP.png)
Today i found a new exploit in the PHP Voting System. Exploit-DB entry: https://www.exploit-db.com/exploits/49843 The /admin/login.php is vulnerable against SQL injections and so you can bypass the admin authentication. login.php As you can see the first check if($query->num_rows < 1)against the username is only checking the number of rows. With the following statement you always
Continue Reading „PHP Voting System – Admin Authentication Bypass (SQLI)“