Hello guys, again from the SXR team.
Today I will walk through a clear PoC for the new SQLi in School Task Manager.
Description
Sourcecodester School Task Manager 1.0 allows SQL Injection via the ‘subject’ parameter.
First, find the endpoint for the software. When I set up my lab it was http://127.0.0.1:80/school-task-manager/index.php, but in many cases it will be different.
After opening it, you will see a page like this.
All you have to do is go to the subjects page, add or delete an existing subject, and intercept the request.
As you can see, the request carries an id for the subject, and the response indicates it has been deleted. Now try adding a single quote after the number, like 6'.
Once again, the error message clearly points to a SQL syntax issue, which means there is a possibility of SQLi.
After some time I found a payload in sqlmap's payload list that let me introduce a 5-second time delay.
6' AND (SELECT 1770 FROM (SELECT(SLEEP(5)))wjyW) AND 'vZpM'='vZpM
This is the payload I used, and this is the result.
As you can see in the bottom right, it shows a 5001 seconds delay.
That confirms the time-based payload, and after that I was able to extract all existing databases.
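The root cause behind the single-quote error above is a SQL statement built by string concatenation, and the fix is a parameterized query. The following is an added example (not code from the School Task Manager project or from this post) showing both forms side by side. It uses an in-memory SQLite table with a hypothetical `subjects(id, name)` schema standing in for the application's MySQL table; the column names and the helper names are assumptions for illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data: a tiny subjects table (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE subjects (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO subjects VALUES (?, ?)",
        [(5, "Math"), (6, "History"), (7, "Physics")],
    )
    conn.commit()
    return conn


def delete_subject_vulnerable(conn, subject_id):
    """Builds the DELETE by concatenating user input into the SQL text.

    This is the pattern that produces a syntax error when the input
    contains a quote. Returns ("deleted", rowcount) or ("error", message).
    """
    sql = "DELETE FROM subjects WHERE id = '" + subject_id + "'"
    try:
        cur = conn.execute(sql)
        conn.commit()
        return ("deleted", cur.rowcount)
    except sqlite3.OperationalError as exc:
        # The quote broke the statement: this is the SQL syntax error
        # an attacker sees reflected in the response.
        return ("error", str(exc))


def delete_subject_safe(conn, subject_id):
    """Parameterized DELETE: the driver binds the value separately from the
    SQL text, so quotes in the input are data, never syntax."""
    cur = conn.execute("DELETE FROM subjects WHERE id = ?", (subject_id,))
    conn.commit()
    return ("deleted", cur.rowcount)


def demo():
    """Runs both variants against a normal id and an id with a trailing quote."""
    results = {}
    conn = make_db()
    results["vuln_normal"] = delete_subject_vulnerable(conn, "6")
    results["vuln_quote"] = delete_subject_vulnerable(conn, "6'")
    conn = make_db()
    results["safe_normal"] = delete_subject_safe(conn, "6")
    results["safe_quote"] = delete_subject_safe(conn, "6'")
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The vulnerable variant deletes one row for `6` and raises a syntax error for `6'`; the parameterized variant deletes one row for `6` and simply matches nothing for `6'`, with no error reaching the client. In the PHP code base the equivalent hardening is a prepared statement through mysqli or PDO with the id passed as a bound parameter.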
That's it for today, thanks for reading. If you want an automated tool for this task, you can use our tool on GitHub.