This exploit demonstrates an SQL injection vulnerability in Killmonster <= 2.1 that allows authentication bypass via crafted input in the login form. The PoC uses a classic SQLi technique, injecting a tautology (' or' 1=1) into the username and password fields.
Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Killmonster <= 2.1
No auth needed
Prerequisites: Access to the login page of the target application