| Title | sourcecodester Expense Management System SQL injection in report.php (authenticated) |
|---|
| Description | In report.php, lines 34-37 call the function fetch_report_credit, which is implemented in Home_model.php:

```php
public function fetch_report_credit($from, $to) {
    // As shipped: $from and $to are interpolated directly into the SQL string
    $query = $this->db->query("select (SELECT SUM(credit.amount) FROM credit,recep where credit.date between '$from' and '$to' AND credit.cus_id=recep.id) AS Total,credit.amount, credit.date, recep.name FROM recep,credit where credit.date between '$from' and '$to' AND credit.cus_id=recep.id ORDER BY credit.date");
    return $query;
}
```

It is obvious that the POST parameters from and to are weak to SQL injection. After login, we can access report.php, copy the request to a txt file from Burp Suite, and run sqlmap to exploit:

```
python .\sqlmap.py -r .\1.txt --dbs
```
|
|---|
| Source | ⚠️ https://www.sourcecodester.com/php-codeigniter-expense-management-system-source-code |
|---|
| User | wuerror (UID 30660) |
|---|
| Submission | 08/06/2022 09:58 (4 years ago) |
|---|
| Moderation | 08/06/2022 18:45 (9 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 205811 [SourceCodester Expense Management System POST Parameter report.php fetch_report_credit from/to sql injection] |
|---|
| Points | 17 |
|---|
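For comparison, the following is an added example of how the same model method could be written so that the date range is passed as bound data instead of being spliced into the SQL string. It is not code from the Expense Management System or from the submitter; it assumes the application uses CodeIgniter 3 (so `$this->db->query()` accepts `?` placeholders with an array of bindings) and that the `credit` and `recep` tables are as referenced in the original query. The `is_valid_date` helper is a hypothetical name introduced here.

```php
<?php
// Added example, not the project's code: a hardened fetch_report_credit for a
// CodeIgniter 3 model. The two defences are independent: the whitelist check
// rejects anything that is not a calendar date, and the query bindings make sure
// that whatever reaches the database is treated as a value, never as SQL.
// Assumption: Home_model extends CI_Model and $this->db is the CI 3 DB object.
class Home_model extends CI_Model
{
    public function fetch_report_credit($from, $to)
    {
        // Fail closed on anything that is not a YYYY-MM-DD date.
        if (!$this->is_valid_date($from) || !$this->is_valid_date($to)) {
            return false;
        }

        // '?' placeholders are escaped by CodeIgniter; the same structure as the
        // original query, with the four interpolated values replaced by bindings.
        $sql = "SELECT (SELECT SUM(credit.amount) FROM credit, recep
                        WHERE credit.date BETWEEN ? AND ? AND credit.cus_id = recep.id) AS Total,
                       credit.amount, credit.date, recep.name
                FROM recep, credit
                WHERE credit.date BETWEEN ? AND ? AND credit.cus_id = recep.id
                ORDER BY credit.date";

        return $this->db->query($sql, array($from, $to, $from, $to));
    }

    // Hypothetical helper: strict whitelist, exactly YYYY-MM-DD and a real date
    // (rejects e.g. "2022-02-30" as well as any string carrying quotes or keywords).
    private function is_valid_date($value)
    {
        if (!is_string($value) || !preg_match('/^\d{4}-\d{2}-\d{2}$/', $value)) {
            return false;
        }
        $d = DateTime::createFromFormat('Y-m-d', $value);
        return $d !== false && $d->format('Y-m-d') === $value;
    }
}
```

The bindings alone close the injection; the date whitelist is kept because it also gives the controller a clean place to return a 400-style error and to log rejected input, which is the signal a defender would watch for on this endpoint.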