MC Inventory Manager SQL Injection
Posted on 15 October 2015
Vulnerability title: MC Inventory Manager Authentication Bypass Exploit Author : Ashiyane Digital Security Team Product: MC Inventory Manager Date: 2015.10.13 Vendor Homepage: http://microcode.ws/inventory-manager.php Introduction: ============= Manage and maintain inventory of your company, items, sales, orders, customers and suppliers. MC Inventory Manager suffer from an authentication bypass in login page. PoC: === To bypass the login page enter '=' 'or' for username and password input. Demo: ==== Testing in demo of MC Inventory Manager. http://microcode.ws/demo/inventory/index.php Discovered By: ============= Ehasn Hosseini (hehsan979@gmail.com)