Bank Locker Management System SQL Injection

# Exploit Title: Bank Locker Management System - SQL Injection# Application: Bank Locker Management System# Date: 12.09.2023# Bugs: SQL Injection # Exploit Author: SoSPiro# Vendor Homepage: https://phpgurukul.com/# Software Link: https://phpgurukul.com/bank-locker-management-system-using-php-and-mysql/# Tested on: Windows 10 64 bit Wampserver ## Description:This report highlights a critical SQL Injection vulnerability discovered in the "Bank Locker Management System" application. The vulnerability allows an attacker to bypass authentication and gain unauthorized access to the application.## Vulnerability Details:- **Application Name**: Bank Locker Management System- **Software Link**: [Download Link](https://phpgurukul.com/bank-locker-management-system-using-php-and-mysql/)- **Vendor Homepage**: [Vendor Homepage](https://phpgurukul.com/)## Vulnerability Description:The SQL Injection vulnerability is present in the login mechanism of the application. By providing the following payload in the login and password fields:Payload: admin' or '1'='1-- -An attacker can gain unauthorized access to the application with administrative privileges.## Proof of Concept (PoC):1. Visit the application locally at http://blms.local (assuming it's hosted on localhost).2. Navigate to the "banker" directory: http://blms.local/banker/3. In the login and password fields, input the following payload:4. admin' or '1'='1-- -