Online Mobile Recharge Script suffers from a remote SQL injection vulnerability that allows for authentication bypass.