MC Inventory Manager SQL Injection

2015-10-14T00:00:00
ID PACKETSTORM:133966
Type packetstorm
Reporter Ehsan Hosseini
Modified 2015-10-14T00:00:00

Description

                                        
                                            `Vulnerability title: MC Inventory Manager Authentication Bypass  
Exploit Author : Ashiyane Digital Security Team  
Product: MC Inventory Manager  
Date: 2015.10.13  
Vendor Homepage: http://microcode.ws/inventory-manager.php  
  
  
Introduction:  
=============  
Manage and maintain inventory of your company, items, sales, orders,  
customers and suppliers.  
MC Inventory Manager suffer from an authentication bypass in login page.  
  
PoC:  
===  
To bypass the login page enter '=' 'or' for username and password input.  
  
Demo:  
====  
Testing in demo of MC Inventory Manager.  
http://microcode.ws/demo/inventory/index.php  
  
  
Discovered By:  
=============  
Ehasn Hosseini (hehsan979@gmail.com)  
`